GMS-2017-121: XSS via improper selector detection

March 21, 2017

jQuery’s main method in affected versions contains an unreliable way of detecting whether the input to the jQuery(strInput) function is intended to be a selector or HTML.

References

bugs.jquery.com/ticket/11290

Detect and mitigate GMS-2017-121 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →