jQuery vulnerable to Cross-Site Scripting (XSS)

2022-05-1401:09:51

CWE-79

GitHub Advisory Database

github.com

103

jquery

cross-site scripting

vulnerability

remote attackers

web script

html

crafted tag

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Affected configurations

Vulners

Node

org.webjars.npmjqueryRange<1.6.3

rubyonrailsjquery-railsRange<1.0.16

jqueryjqueryRange<1.6.3

VendorProductVersionCPE
org.webjars.npmjquery*cpe:2.3:a:org.webjars.npm:jquery:*:*:*:*:*:*:*:*
rubyonrailsjquery-rails*cpe:2.3:a:rubyonrails:jquery-rails:*:*:*:*:*:*:*:*
jqueryjquery*cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.webjars.npm	jquery	*	cpe:2.3:a:org.webjars.npm:jquery::::::::
rubyonrails	jquery-rails	*	cpe:2.3:a:rubyonrails:jquery-rails::::::::
jquery	jquery	*	cpe:2.3:a:jquery:jquery::::::::