Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-npfb-rzhh-d7eg
Vulnerability ID VCID-npfb-rzhh-d7eg
Aliases GHSA-5cp4-xmrw-59wf
GMS-2020-703
Summary XSS via JQLite DOM manipulation functions in AngularJS
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.0 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
generic_textual MODERATE https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5cp4-xmrw-59wf
cvssv3.1 5.0 https://github.com/advisories/GHSA-mhp6-pxh8-r675
generic_textual MODERATE https://github.com/advisories/GHSA-mhp6-pxh8-r675
cvssv3.1 5.0 https://github.com/angular/angular.js
generic_textual MODERATE https://github.com/angular/angular.js
cvssv3.1 5.0 https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
cvssv3.1_qr MODERATE https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
generic_textual MODERATE https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
cvssv3.1 5.0 https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
generic_textual MODERATE https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
cvssv3.1 5.0 https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
generic_textual MODERATE https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
cvssv3.1 5.0 https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
generic_textual MODERATE https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
Reference id Reference type URL
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/angular/angular.js
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
GHSA-5cp4-xmrw-59wf https://github.com/advisories/GHSA-5cp4-xmrw-59wf
GHSA-5cp4-xmrw-59wf https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
GHSA-gxr4-xjj5-5px2 https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
GHSA-jpcq-cgw6-v4j6 https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
GHSA-mhp6-pxh8-r675 https://github.com/advisories/GHSA-mhp6-pxh8-r675
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/advisories/GHSA-mhp6-pxh8-r675
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/angular/angular.js
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:24.378435+00:00 GHSA Importer Import https://github.com/advisories/GHSA-5cp4-xmrw-59wf 38.6.0