VYPR

npm package

jquery-validation

pkg:npm/jquery-validation

Vulnerabilities (4)

  • CVE-2025-3573MedApr 15, 2025
    affected < 1.20.0fixed 1.20.0

    Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dicti

  • CVE-2022-31147Jul 14, 2022
    affected < 1.19.5fixed 1.19.5

    The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due

  • CVE-2021-43306Jun 1, 2022
    affected < 1.19.4fixed 1.19.4

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

  • CVE-2021-21252Jan 13, 2021
    affected < 1.19.3fixed 1.19.3

    The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Ser