CVE-2024-30875

HIGH

jquery-ui 1.13.1 - Cross-Site Scripting via window.addEventListener

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-30875. PoCs published by Ant1sec-ops.

AI-analyzed exploit summary The repository provides a technical analysis of a Cross-Site Scripting (XSS) vulnerability in jquery-ui v1.13.1, detailing the attack vector, payload example, and impact. It includes a proof-of-concept URL demonstrating the vulnerability but lacks functional exploit code.

Description

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.

Exploits (1)

nomisec WRITEUP 1 stars

by Ant1sec-ops · poc

https://github.com/Ant1sec-ops/CVE-2024-30875

View Code ZIP pw:eip

The repository provides a technical analysis of a Cross-Site Scripting (XSS) vulnerability in jquery-ui v1.13.1, detailing the attack vector, payload example, and impact. It includes a proof-of-concept URL demonstrating the vulnerability but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: jquery-ui v1.13.1

No auth needed

Prerequisites: Victim interaction (clicking a crafted link)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/Ant1sec-ops/CVE-2024-30875

Scores

CVSS v3 7.1

EPSS 0.0079

EPSS Percentile 51.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published Oct 17, 2024

Tracked Since Feb 18, 2026