CVE-2011-4969

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Published Bysecalert@redhat.com

Published DateMar 08, 2013, 22:55

Affected Versions(4)

jquery(npm)

Introduced0

Fixed1.6.3

LimitN/A

jQuery(NuGet)

Introduced0

Fixed1.6.3

LimitN/A

jquery-rails(RubyGems)

Introduced0

Fixed1.0.16

LimitN/A

org.webjars.npm:jquery(Maven)

Introduced0

Fixed1.6.3

LimitN/A

Package (Ecosystem)	Fixed	Limit
jquery(npm)	1.6.3	N/A
jQuery(NuGet)	1.6.3	N/A
jquery-rails(RubyGems)	1.0.16	N/A
org.webjars.npm:jquery(Maven)	1.6.3	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE