GSA_kwCzR0hTQS01Nzl2LW1wM3YtcnJ3Nc4AATnF

Moderate EPSS: 0.03416% (0.86993 Percentile) EPSS:

Permalink JSON

jQuery vulnerable to Cross-Site Scripting (XSS)

Affected Packages	Affected Versions	Fixed Versions
maven:org.webjars.npm:jquery	< 1.6.3	1.6.3
459 Dependent packages 216 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 1.7.2, 1.7.3, 1.8.2, 1.8.3, 1.9.1, 1.11.0, 1.11.1, 1.11.3, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 2.1.0, 2.1.1, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.7.0, 3.7.1
rubygems:jquery-rails	< 1.0.16	1.0.16
1,568 Dependent packages 576,659 Dependent repositories 275,455,823 Downloads total Affected Version Ranges All affected versions 0.1.1, 0.1.2, 0.1.3, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15 All unaffected versions 1.0.16, 1.0.17, 1.0.18, 1.0.19, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.4.0, 4.5.0, 4.5.1, 4.6.0
nuget:jQuery	< 1.6.3	1.6.3
290 Dependent packages 1,276 Dependent repositories 219,787,035 Downloads total Affected Version Ranges All affected versions 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2 All unaffected versions 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 3.0.0, 3.1.0, 3.1.1, 3.2.1, 3.3.1, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.6.3, 3.6.4, 3.7.0, 3.7.1
npm:jquery	< 1.6.3	1.6.3
28,173 Dependent packages 998,742 Dependent repositories 65,012,316 Downloads last month Affected Version Ranges All affected versions 1.5.1, 1.6.2 All unaffected versions 1.6.3, 1.7.2, 1.7.3, 1.8.2, 1.8.3, 1.9.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 3.0.0, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.7.0, 3.7.1

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

References:

Identifiers

GHSA-579v-mp3v-rrw5

CVE-2011-4969

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.03416

EPSS Percentile: 0.86993

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jquery/jquery

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS01Nzl2LW1wM3YtcnJ3Nc4AATnF

jQuery vulnerable to Cross-Site Scripting (XSS)

Affected Version Ranges

All affected versions

All unaffected versions

Affected Version Ranges

All affected versions

All unaffected versions

Affected Version Ranges

All affected versions

All unaffected versions

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Repository

Date and time

Published

Updated

API