Cross-Site Scripting Vulnerability in jQuery 1.4.2 by jQuery Team
CVE-2014-6071

6.1MEDIUM

Key Information:

Vendor

Jquery

Status
Jquery
Vendor
CVE Published:
16 January 2018

What is CVE-2014-6071?

A vulnerability in jQuery version 1.4.2 allows remote attackers to exploit cross-site scripting (XSS) weaknesses via specific vectors related to the inappropriate use of the 'text' method within 'after' functionality. This flaw can lead to unauthorized script execution in the context of the affected web application, potentially compromising the integrity of user data and leading to further attacks against users.

References

http://seclists.org/fulldisclosure/2014/Sep/10
mailing-listx_refsource_FULLDISC
https://help.ecostruxureit.com/display/public/UADCE725/Se...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1136683
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.