From 25851186ff5ca23592822be4ab7a13c8b96d89ea Mon Sep 17 00:00:00 2001
From: npt-1707 <npthanh132@gmail.com>
Date: Mon, 4 May 2026 07:21:31 +0800
Subject: [PATCH] public/libs/jquery-2.1.0.js: Ajax: Mitigate possible XSS
 vulnerability

---
 public/libs/jquery-2.1.0.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/libs/jquery-2.1.0.js b/public/libs/jquery-2.1.0.js
index f74c103fde..5c9830e7c1 100644
--- a/public/libs/jquery-2.1.0.js
+++ b/public/libs/jquery-2.1.0.js
@@ -7666,6 +7666,11 @@
           // Convert response if prev dataType is non-auto and differs from current
         } else if (prev !== "*" && prev !== current) {
 
+          // Mitigate possible XSS vulnerability (gh-2432)
+				if ( s.crossDomain && current === "script" ) {
+					continue;
+				}
+
           // Seek a direct converter
           conv = converters[ prev + " " + current ] || converters[ "* " + current ];