CVE-2024-30875

Name of the Vulnerable Software and Affected Versions: jquery-ui version 1.13.1

Description: The issue is related to a Cross-Site Scripting vulnerability in the jquery-ui JavaScript library. This vulnerability allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. The exploitation of this vulnerability may enable an attacker to perform a cross-site scripting attack.

Recommendations: For jquery-ui version 1.13.1, as a temporary workaround, consider disabling the window.addEventListener component until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the window.addEventListener component in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.