CVE-2024-30875

Description

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component.

How to fix CVE-2024-30875

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/jqueryui—no fix listed

Is CVE-2024-30875 being exploited?

Moderate — EPSS is 19.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0

References (2)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-30875
• WEBgithub.com/Ant1sec-ops/CVE-2024-30875