npm package
jquery-validation
pkg:npm/jquery-validation
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3573 | Med | 6.1 | | < 1.20.0 | 1.20.0 | Apr 15, 2025 | Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dicti |
| CVE-2022-31147 | — | | | < 1.19.5 | 1.19.5 | Jul 14, 2022 | The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due |
| CVE-2021-43306 | — | | | < 1.19.4 | 1.19.4 | Jun 1, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method |
| CVE-2021-21252 | — | | | < 1.19.3 | 1.19.3 | Jan 13, 2021 | The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Ser |