Medium severity6.1OSV Advisory· Published Apr 15, 2025· Updated Apr 15, 2026
CVE-2025-3573
CVE-2025-3573
Description
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jquery-validationnpm | < 1.20.0 | 1.20.0 |
Affected products
2- Range: 1.10.0, 1.11.0, 1.11.1, …
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rrj2-ph5q-jxw2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-3573ghsaADVISORY
- github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902nvdWEB
- github.com/jquery-validation/jquery-validation/pull/2462nvdWEB
- security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285nvdWEB
News mentions
0No linked articles in our index yet.