CVE-2024-30875: XSS
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2024-30875?
CVE-2024-30875 has been classified as a Cross Site Scripting vulnerability that can lead to significant security risks if exploited.
How do I fix CVE-2024-30875?
To mitigate CVE-2024-30875, ensure you upgrade to a patched version of jQuery UI above 1.13.1.
Who is affected by CVE-2024-30875?
CVE-2024-30875 affects users of jQuery UI version 1.13.1, particularly those utilizing the window.addEventListener component.
How can CVE-2024-30875 be exploited?
CVE-2024-30875 can be exploited by a remote attacker sending a crafted payload that targets the vulnerable JavaScript Library.
What are the potential impacts of CVE-2024-30875?
If successfully exploited, CVE-2024-30875 can result in unauthorized execution of arbitrary code and exposure of sensitive information.