JavaScript Hijacking Vulnerability in jQuery by jQuery Foundation
CVE-2007-2379

Currently unrated

Key Information:

Vendor: Jquery
Status: Jquery
Vendor: CVE Published:; 30 April 2007

Summary

The jQuery framework allows the exchange of data using JSON without adequate protection mechanisms. This vulnerability enables remote attackers to exploit web pages that load JSON data through the SRC attribute of a SCRIPT element. By doing so, they can capture sensitive data using their own JavaScript code, effectively performing a JavaScript Hijacking attack. This weakness emphasizes the need for robust security measures within web applications to prevent unauthorized data access.

References

http://www.fortifysoftware.com/servlet/downloads/public/J...

x_refsource_MISC

http://osvdb.org/43320

vdb-entryx_refsource_OSVDB

https://security.netapp.com/advisory/ntap-20190416-0007/

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 30, 2007
Vulnerability Reserved
Apr 30, 2007