Unknown · Jquery-Validation · CVE-2025-3573
Name of the Vulnerable Software and Affected Versions:
jquery-validation versions prior to 1.20.0
Description:
The issue concerns Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.
Recommendations:
For versions prior to 1.20.0, update to version 1.20.0 or later to resolve the issue.
As a temporary workaround, consider disabling the showLabel() function until a patch is available.
Restrict access to user-controlled placeholder values to minimize the risk of exploitation.