GHSA-579v-mp3v-rrw5

Source

https://github.com/advisories/GHSA-579v-mp3v-rrw5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-579v-mp3v-rrw5/GHSA-579v-mp3v-rrw5.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-579v-mp3v-rrw5

Aliases

CVE-2011-4969

Published

2022-05-14T01:09:51Z

Modified

2026-01-15T02:22:49.784258Z

Summary

jQuery vulnerable to Cross-Site Scripting (XSS)

Details

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-12T14:46:34Z",
    "nvd_published_at": "2013-03-08T22:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

npm / jquery

Package

Name: jquery; View open source insights on deps.dev
Purl: pkg:npm/jquery

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-579v-mp3v-rrw5/GHSA-579v-mp3v-rrw5.json"

NuGet / jQuery

Package

Name: jQuery; View open source insights on deps.dev
Purl: pkg:nuget/jQuery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.3

Affected versions

1.*

1.4.1

1.4.2

1.4.3

1.4.4

1.5.0

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-579v-mp3v-rrw5/GHSA-579v-mp3v-rrw5.json"

RubyGems / jquery-rails

Package

Name: jquery-rails
Purl: pkg:gem/jquery-rails

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.16

Affected versions

0.*

0.1.1

0.1.2

0.1.3

0.2

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

1.*

1.0.rc

1.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-579v-mp3v-rrw5/GHSA-579v-mp3v-rrw5.json"

Maven / org.webjars.npm:jquery

Package

Name: org.webjars.npm:jquery; View open source insights on deps.dev
Purl: pkg:maven/org.webjars.npm/jquery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-579v-mp3v-rrw5/GHSA-579v-mp3v-rrw5.json"