DEBIAN-CVE-2025-3573

DEBIAN-CVE-2025-3573 PUBLISHED CVSS 5.300000190734863 MEDIUM

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Risk Scores

CVSS 4.0

5.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products

Vendor	Product	Versions
Debian:11	phpmyadmin	*, 5.2.2-really, 5.2.2-really
Debian:13	phpmyadmin	5.2.2-really, 0, 4:5.2.2-really+dfsg-1
Debian:13	znuny	6.5.3-1, 6.5.3-1~bpo12+1, 6.5.4-1
Debian:14	znuny	0, 6.3.3-1, 6.3.3-1~bpo11+1
Debian:12	phpmyadmin	5.2.2-really, 5.2.2-dev, 5.2.1+dfsg
Debian:12	znuny	6.5.6-1, 6.5.8-1, 6.5.8-1~bpo12+1
Debian:13	kalkun	0, 0
Debian:11	civicrm	*, 5.52.2+dfsg1, 5.53.0+dfsg1
Debian:14	kalkun	0
Debian:14	phpmyadmin	*, 0

Timeline

Apr 15, 2025 CVE Published
May 7, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-3573 advisory

Open in Interactive Console →