AIKIDO-2025-10401

jsoup is vulnerable to Cross-site Scripting (XSS)

Cross-site Scripting (XSS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.

Risk score: 65 (Medium Risk)

This Affects:

Java: jsoup
1.12.2 - 1.21.0
Fixed in 1.21.1

TL;DR

Affected versions of this package are vulnerable to mutation Cross-site Scripting (mXSS) because the serializer does not escape the < and > characters inside HTML attribute values. When user input is rendered through this output, an attacker can craft a payload inside an attribute value; left unescaped, the browser's HTML parser reinterprets those characters as markup, so the payload breaks out of the attribute context, mutates the DOM and executes arbitrary JavaScript in the victim's browser.

Who does this affect?

You are affected if you use a version that falls within the vulnerable range (1.12.2 - 1.21.0).

Background info

jsoup is vulnerable to Cross-site Scripting (XSS) in versions 1.12.2 - 1.21.0.

How to fix this

Upgrade the org.jsoup:jsoup library to version 1.21.1 or later, which contains the fix.
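For consumers who cannot upgrade immediately, the following added example (not jsoup's code, and not part of this advisory) shows a defensive post-serialization guard: it scans serializer output for quoted attribute values that still carry a raw < or >, the exact defect described above, and an escaper that encodes those characters in attribute context. The class name, the helper names and the sample markup are assumptions constructed for this example.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not jsoup's code: detect and repair attribute values whose < and > were left raw.
public final class AttributeEscapeCheck {

    // Scans serialized HTML and returns every quoted attribute value that still contains a raw '<' or '>'.
    // Assumes serializer-style output: quoted attribute values, escaped text nodes, no comments.
    public static List<String> findUnescapedAngleBrackets(String html) {
        List<String> findings = new ArrayList<>();
        boolean inTag = false;          // between the '<' and '>' of a tag
        char quote = 0;                 // active attribute quote character, 0 when not inside a value
        StringBuilder value = new StringBuilder();
        for (int i = 0; i < html.length(); i++) {
            char c = html.charAt(i);
            if (quote != 0) {
                if (c == quote) {       // closing quote: inspect the collected value
                    String v = value.toString();
                    if (v.indexOf('<') >= 0 || v.indexOf('>') >= 0) findings.add(v);
                    quote = 0;
                } else {
                    value.append(c);
                }
            } else if (inTag) {
                if (c == '"' || c == '\'') {
                    quote = c;
                    value.setLength(0);
                } else if (c == '>') {
                    inTag = false;
                }
            } else if (c == '<') {
                inTag = true;
            }
        }
        return findings;
    }

    // Escapes an attribute value so no character can be re-read as markup or terminate the quote.
    // '&' is encoded first so later replacements are not double-escaped.
    public static String escapeAttribute(String raw) {
        return raw.replace("&", "&amp;").replace("\"", "&quot;").replace("'", "&#39;")
                  .replace("<", "&lt;").replace(">", "&gt;");
    }

    public static void main(String[] args) {
        // Constructed sample of serializer output whose title attribute kept raw angle brackets.
        String serialized = "<a title=\"x<y>z\" href=\"/docs\">link</a>";
        System.out.println("attribute values with raw < or >: " + findUnescapedAngleBrackets(serialized));
        System.out.println("escaped form: " + escapeAttribute("x<y>z"));
    }
}
```

Running the check against serialized output in a unit test is a cheap way to catch a regression if a future dependency change reintroduces raw angle brackets in attributes.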