Jcw87 / c2-sans-fight

Undertale Sans Fight Clone
http://jcw87.github.io/c2-sans-fight/
527 stars 494 forks

CVE-2020-23064 Cross Site Scripting Vulnerability in jQuery #163

Closed A7e3 closed 1 month ago

A7e3 commented 1 month ago

A critical security vulnerability, identified as CVE-2020-23064, has been detected in jQuery versions 2.2.0 through 3.x, prior to version 3.5.0. This vulnerability exposes a Cross Site Scripting (XSS) exploit, enabling remote attackers to execute arbitrary code via the <options> element.

To mitigate this security risk, it is imperative to update jQuery to version 3.5.0 or later. Failure to do so may leave systems vulnerable to exploitation, potentially resulting in unauthorized code execution.

Jcw87 commented 1 month ago

I did some reading on this. One site claimed it involves an options element (which my project doesn't use), and the jQuery site says it involves a faulty regex when creating elements in the XHTML style. If you haven't noticed, my project doesn't do a lot of element creation. In fact, I think there's only one case where this happens, and it is with an input element. I'm not convinced that this is even exploitable without the user pasting external code into their JavaScript console. Additionally, even if this exploit was triggered, there's no sensitive information being handled here. It's just a game clone.

Now consider this. This project was made with Construct 2. Construct 2 no longer receives updates, so every project exported with the latest version of it is going to contain jQuery 3.4.1. My only option for updating it would be to replace it myself, and that means dealing with whatever unexpected issues may come up from updating it. That's more effort than I want to put into this for an issue that is probably a non-issue. So if you want me to address this, you need to show me how this is exploitable in my project and how it can negatively impact users.

A7e3 commented 1 month ago

All good, just wanted to point your attention to this. I knew that the project probably does not use any options element or anything; just wanted to make sure you knew, just in case in the future you decide to use these elements.
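A triage helper for the question raised in this thread, added here as an example and not code from this repository or from jQuery: it reads the version from a bundled jQuery file's banner comment, checks it against the range quoted in the issue (2.2.0 up to, but not including, 3.5.0), and lists calls in application code to jQuery methods that accept HTML strings. The sample inputs and the names `triage`, `findHtmlSinks` and `#stage` are constructed for illustration.

```javascript
// Added example (not project code). Affected range as quoted in the issue.
const AFFECTED_MIN = [2, 2, 0];
const FIXED_IN = [3, 5, 0];

// Banner forms: "/*! jQuery v3.4.1 | ..." (minified) and
// " * jQuery JavaScript Library v3.4.1" (unminified).
const BANNER = /jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)/;

function parseJqueryVersion(source) {
  const m = BANNER.exec(source.slice(0, 2048)); // banner sits at the top of the file
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compare(version, AFFECTED_MIN) >= 0 && compare(version, FIXED_IN) < 0;
}

// jQuery DOM-manipulation methods that accept an HTML string. Heuristic only:
// it also matches same-named methods on non-jQuery objects, so review each hit.
const SINKS = /\.(html|append|prepend|before|after|replaceWith|wrap)\s*\(/g;

function findHtmlSinks(source) {
  const hits = [];
  source.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(SINKS)) hits.push({ line: i + 1, method: m[1] });
  });
  return hits;
}

function triage(librarySource, appSource) {
  const version = parseJqueryVersion(librarySource);
  if (!version) return { version: null, affected: false, sinks: [] };
  const affected = isAffected(version);
  return { version: version.join("."), affected, sinks: affected ? findHtmlSinks(appSource) : [] };
}

// Constructed sample inputs: a banner line and three lines of hypothetical app code.
const SAMPLE_LIB = "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */\n!function(e,t){}";
const SAMPLE_APP = ['var box = jQuery("#stage");', "box.append(markup);", 'jQuery("#score").text(points);'].join("\n");

console.log(triage(SAMPLE_LIB, SAMPLE_APP));
```

An empty `sinks` list on an affected version supports a low-priority rating; any hit still needs a manual check of whether untrusted markup can reach that call.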