CVE-2012-6708

🗓️ 18 Jan 2018 23:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 1048 Views🌐 WEB

jQuery before 1.9.0 XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 94
IBM Security Bulletins	Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)	11 Nov 202411:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.	14 Feb 202321:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.	21 Mar 202318:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	30 Mar 202620:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI	17 May 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	4 May 202117:43	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS	11 Jul 202511:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)	14 Sep 202215:28	–	ibm

NVD

Node

jquery jqueryRange<1.9.0

Source	Link
securityfocus	www.securityfocus.com/bid/102792
bugs	www.bugs.jquery.com/ticket/11290
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
packetstormsecurity	www.packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
help	www.help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
snyk	www.snyk.io/vuln/npm:jquery:20120206
github	www.github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
lists	www.lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Parameter	Position	Path	Description	CWE
email	request body	LHOST	XSS via form input during login using vulnerable jQuery version, allowing payloads like an image tag in the email field to be executed.	CWE-79
email	request body	LHOST:10080	XSS via form input during login using vulnerable jQuery version, allowing payloads like an image tag in the email field to be executed.	CWE-79

16 Jun 2026 23:48Current

5.8Medium risk

Vulners AI Score5.8

CVSS 24.3

CVSS 36.1

EPSS0.08793

jquery cross-site scripting xss security vulnerability nvd