Description

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Remediation

References

CVE-2011-4969

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6635)

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)

Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2020-14172)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4340)

MySQL CVE-2012-0574 Vulnerability (CVE-2012-0574)

Severity

Medium

Classification

CVE-2011-4969 CWE-707

Tags

Missing Update Known Vulnerabilities