CVE-2025-3573

Name of the Vulnerable Software and Affected Versions: jquery-validation versions prior to 1.20.0

Description: The issue concerns Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Recommendations: For versions prior to 1.20.0, update to version 1.20.0 or later to resolve the issue. As a temporary workaround, consider disabling the showLabel() function until a patch is available. Restrict access to user-controlled placeholder values to minimize the risk of exploitation.