CVE-2011-4969
7.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.6%
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery:jquery | jquery | eq | 1.6 |
| jquery:jquery | jquery | eq | 1.6.1 |
| jquery:jquery | jquery | le | 1.6.2 |
References
blog.jquery.com/2011/09/01/jquery-1-6-3-released/
blog.mindedsecurity.com/2011/07/jquery-is-sink.html
bugs.jquery.com/ticket/9521
www.openwall.com/lists/oss-security/2013/01/31/3
www.osvdb.org/80056
www.securityfocus.com/bid/58458
www.securitytracker.com/id/1036620
www.ubuntu.com/usn/USN-1722-1
github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730
lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
security.netapp.com/advisory/ntap-20190416-0007/
Social References
More
Related
7.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.6%