Cross-site Scripting Vulnerability in jQuery by jQuery Foundation
CVE-2011-4969
Currently unrated
Summary
A cross-site scripting (XSS) vulnerability exists in jQuery versions prior to 1.6.3 when location.hash is used to select DOM elements. The flaw allows remote attackers to inject arbitrary web script or HTML, potentially leading to unauthorized actions on behalf of affected users or session hijacking. Users of earlier jQuery versions are strongly encouraged to update to the latest version to mitigate this issue.
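
The following is an added example, not code from the advisory or from the jQuery project: a version check against the fixed release named above, and a way to resolve location.hash to an element without passing the raw fragment to the selector function. The function names and the id allow-list are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not jQuery APIs.

// True if `version` is older than 1.6.3 (the fixed release named in the advisory),
// false if not, null if unparseable. Pre-release suffixes are ignored (assumption).
function isAffectedJQuery(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(version).trim());
  if (!m) return null;
  const v = [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
  const fixed = [1, 6, 3];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i]; // numeric, so 1.10 > 1.6
  }
  return false;
}

// Reduce a URL fragment to a plain element id, or null for anything else.
// Allow-list (assumed app convention): a letter, then letters, digits, '_' or '-'.
function idFromHash(hash) {
  if (typeof hash !== 'string' || hash.charAt(0) !== '#') return null;
  let raw;
  try {
    raw = decodeURIComponent(hash.slice(1));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return /^[A-Za-z][A-Za-z0-9_-]{0,63}$/.test(raw) ? raw : null;
}

// Pattern the advisory describes:  $(location.hash)
// Hardened lookup: resolve a validated id through getElementById, so the
// fragment is never handed to code that may parse it as a selector or markup.
function findTarget(doc, hash) {
  const id = idFromHash(hash);
  return id === null ? null : doc.getElementById(id);
}

// Constructed sample fragments (not taken from the advisory).
const samples = ['#section-2', '#<b>x</b>', '#%3Cb%3Ex', '#%E0%A4%A', ''];
const results = samples.map((h) => [h, idFromHash(h)]);
console.log(results);
console.log(['1.4', '1.6.2', '1.6.3', '1.10.0'].map(isAffectedJQuery));
```

In a page, the call would be findTarget(document, location.hash); the result can then be wrapped with $() as an element rather than as a string.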