CVE-2011-4969
EPSS 6.3%jQuery vulnerable to Cross-Site Scripting (XSS)
Published: 5/14/2022Modified: 6/4/2024
Also known as:GHSA-579v-mp3v-rrw5
Description
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Affected packages (5)
- Debian/jqueryfrom 0, < 1.6.4-1
- Maven/org.webjars.npm:jqueryfrom 0, < 1.6.3
- npm/jqueryfrom 0, < 1.6.3
- NuGet/jQueryfrom 0, < 1.6.3
- RubyGems/jquery-railsfrom 0, < 1.0.16
References (21)
- ADVISORYhttp://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4969
- ADVISORYhttps://security.netapp.com/advisory/ntap-20190416-0007/
- PATCHhttps://github.com/jquery/jquery
- WEBhttp://blog.jquery.com/2011/09/01/jquery-1-6-3-released
- WEBhttp://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
- WEBhttp://bugs.jquery.com/ticket/9521
- WEBhttps://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
- WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2011-4969.yml
- WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- WEBhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730
- WEBhttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- WEBhttps://security.netapp.com/advisory/ntap-20190416-0007
- WEBhttps://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450224
- WEBhttp://www.openwall.com/lists/oss-security/2013/01/31/3
- WEBhttp://www.osvdb.org/80056
- WEBhttp://www.securityfocus.com/bid/58458
- WEBhttp://www.securitytracker.com/id/1036620
- WEBhttp://www.ubuntu.com/usn/USN-1722-1