CVE-2011-4969

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/jquery

Identifiers

GHSA-579v-mp3v-rrw5, CVE-2011-4969

Package Slug

npm/jquery

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Affected Versions

All versions before 1.6.3

Solution

Upgrade to version 1.6.3 or above.

Last Modified

2022-09-12

source