Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2012-6708HistoryJan 18, 2018 - 11:29 p.m.
CVE-2012-6708
2018-01-1823:29:00
Debian Security Bug Tracker
security-tracker.debian.org
47
0.008 Low
EPSS
Percentile
81.9%
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the ‘<’ character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the ‘<’ character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | jquery | < 1.11.3+dfsg-1 | jquery_1.11.3+dfsg-1_all.deb |
Related
f5
f5
K62532311 : jQuery vulnerability CVE-2012-6708
2018-11-28 00:00:00
prion
prion
Cross site scripting
2018-01-18 23:29:00
osv
osv
CVE-2012-6708
2018-01-18 23:29:00
Cross-Site Scripting in jquery
2020-09-01 16:41:46
openvas
openvas
jQuery < 1.9.0 XSS Vulnerability
2018-11-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0737-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)
2020-03-29 00:00:00
cve
cve
CVE-2012-6708
2018-01-18 23:29:00
nessus
nessus
F5 Networks BIG-IP : jQuery vulnerability (K62532311)
2019-05-29 00:00:00
JQuery < 1.9.0 XSS
2020-03-31 00:00:00
zdt
zdt
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability
2021-03-24 00:00:00
github
github
Cross-Site Scripting in jquery
2020-09-01 16:41:46
redhatcve
redhatcve
CVE-2012-6708
2020-04-08 21:22:26
packetstorm
packetstorm
Linksys EA7500 2.0.8.194281 Cross Site Scripting
2021-03-25 00:00:00
alpinelinux
alpinelinux
CVE-2012-6708
2018-01-18 23:29:00
cvelist
cvelist
CVE-2012-6708
2018-01-18 23:00:00
ubuntucve
ubuntucve
CVE-2012-6708
2018-01-18 00:00:00
exploitdb
exploitdb
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
2021-03-25 00:00:00
hackerone
hackerone
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
freebsd
freebsd
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
ibm
ibm
kitploit
kitploit
amazon
amazon
Important: ruby24
2020-08-26 23:09:00
ics
ics
Pepperl+Fuchs WirelessHART-Gateway
2022-04-07 12:00:00