GoogleOSV:GHSA-2PQJ-H3VJ-PQGWCross-Site Scripting in jquery
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.6%
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.
Proof of Concept
$("#log").html(
$("element[attribute='<img src />']").html()
);
Recommendation
Update to version 1.9.0 or later.
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html
bugs.jquery.com/ticket/11290
bugs.jquery.com/ticket/12531
bugs.jquery.com/ticket/6429
bugs.jquery.com/ticket/9521
github.com/jquery/jquery
github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59
github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67
github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml
help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2012-6708
nvd.nist.gov/vuln/detail/CVE-2017-16011
research.insecurelabs.org/jquery/test
security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223
snyk.io/vuln/npm:jquery:20120206
web.archive.org/web/20200227132049/www.securityfocus.com/bid/102792
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.6%