jQuery DOM manipulation XSS via htmlPrefilter

This repository is a small browser-side proof-of-concept for CVE-2020-11022 affecting jQuery versions earlier than 3.5.0. It is not a remote exploit framework or weaponized kit; instead, it provides helper scripts to validate a target page and manually demonstrate DOM XSS. The structure is simple: README.md explains the vulnerability and exploitation workflow; jquery_detection.js checks whether jQuery is present and logs its version; dumps_id.js enumerates all DOM element IDs to help identify candidate sinks; payloads.js defines a crafted HTML payload and injects it into the hardcoded selector '#error-msg' using jQuery .html(). The main capability is execution of arbitrary JavaScript in the victim page context via a malicious HTML fragment containing an img onerror handler. No external network endpoints, C2, download URLs, or hardcoded IPs are present. The only fingerprintable targets are local browser-side selectors and file names. Overall, this is a manual DOM-XSS PoC intended for testing vulnerable pages that use old jQuery and unsafe DOM manipulation patterns.

This repository is a proof-of-concept exploit for CVE-2020-11022 and CVE-2020-11023, which are cross-site scripting (XSS) vulnerabilities in jQuery versions prior to 3.5.0. The repository contains two files: a README.md with detailed exploitation instructions and an index.php file that serves as a vulnerable web application. The exploit demonstrates how an attacker can inject arbitrary JavaScript via the 'value' URL parameter, leading to XSS and cookie theft. The attack is performed by hosting index.php on a PHP webserver with a vulnerable jQuery version, then visiting a crafted URL and triggering DOM manipulation via a button. The exploit also shows how to exfiltrate cookies to an attacker-controlled server. The repository is structured as a simple, educational POC and does not include weaponized or automated exploitation features.