Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-4969

Published: 08/03/2013 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Jquery

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in jQuery prior to 1.6.3, when using location.hash to select elements, allows remote malicious users to inject arbitrary web script or HTML via a crafted tag.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jquery jquery 1.6

jquery jquery 1.6.1

jquery jquery

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2011-4969: jQuery 1.6.2 XSS
Debian Bug report logs - #699482 CVE-2011-4969: jQuery 162 XSS Package: jquery; Maintainer for jquery is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Luciano Bello <luciano@debianorg> Date: Thu, 31 Jan 2013 21:54:02 UTC Severity: important Tags: patch, security, squeez ...
Ubuntu Security Notice: jquery vulnerability
jQuery could be made to expose sensitive information over the network ...

ICS Advisories

Pepperl+Fuchs WirelessHART-Gateway

Github Repositories

https://github.com/FallibleInc/retirejslib

Scan for vulnerabilities in JavaScript libraries you use (Python port of retirejs)

Python port of RetireJS Installation pip install retirejs How to use import retirejs retirejsscan_endpoint("codejquerycom/jquery-16minjs") Sample Output: [{'detection': 'filecontent', 'vulnerabilities': [{'info': ['webnvdnistgov/view/vuln/detail?vulnId=CVE-2

References

CWE-79https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9http://bugs.jquery.com/ticket/9521http://www.ubuntu.com/usn/USN-1722-1http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/http://www.osvdb.org/80056http://www.openwall.com/lists/oss-security/2013/01/31/3http://blog.mindedsecurity.com/2011/07/jquery-is-sink.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730http://www.securityfocus.com/bid/58458http://www.securitytracker.com/id/1036620https://security.netapp.com/advisory/ntap-20190416-0007/https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699482https://usn.ubuntu.com/1722-1/https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook