Lucene search

GoogleOSV:GHSA-579V-MP3V-RRW5

HistoryMay 14, 2022 - 1:09 a.m.

jQuery vulnerable to Cross-Site Scripting (XSS)

2022-05-1401:09:51

Google

osv.dev

jquery

cross-site scripting

vulnerability

remote attackers

web script

html

EPSS

0.003

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

References

blog.jquery.com/2011/09/01/jquery-1-6-3-released

blog.mindedsecurity.com/2011/07/jquery-is-sink.html

bugs.jquery.com/ticket/9521

www.openwall.com/lists/oss-security/2013/01/31/3

www.ubuntu.com/usn/USN-1722-1

github.com/jquery/jquery

github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9

lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2011-4969

security.netapp.com/advisory/ntap-20190416-0007

security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450224

EPSS

0.003

Percentile

69.9%

JSON

Related for OSV:GHSA-579V-MP3V-RRW5