{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38519?format=json","vulnerability_id":"VCID-ue1p-vegh-6yf8","summary":"XSS via improper selector detection\njQuery's main method in affected versions contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML.","aliases":[{"alias":"GMS-2017-121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53381?format=json","purl":"pkg:npm/jquery@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9e23-dwm9-bbgb"},{"vulnerability":"VCID-r2sb-3qt6-myfh"},{"vulnerability":"VCID-u8ss-1ww3-zbe4"},{"vulnerability":"VCID-vjrr-h9sh-3bcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.9.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53379?format=json","purl":"pkg:npm/jquery@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q6r-ucwf-3ff7"},{"vulnerability":"VCID-ue1p-vegh-6yf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/204068?format=json","purl":"pkg:npm/jquery@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q6r-ucwf-3ff7"},{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9e23-dwm9-bbgb"},{"vulnerability":"VCID-r2sb-3qt6-myfh"},{"vulnerability":"VCID-u8ss-1ww3-zbe4"},{"vulnerability":"VCID-ue1p-vegh-6yf8"},{"vulnerability":"VCID-vjrr-h9sh-3bcu"},{"vulnerability":"VCID-zcsa-9r77-7ybx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/204069?format=json","purl":"pkg:npm/jquery@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q6r-ucwf-3ff7"},{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9e23-dwm9-bbgb"},{"vulnerability":"VCID-r2sb-3qt6-myfh"},{"vulnerability":"VCID-u8ss-1ww3-zbe4"},{"vulnerability":"VCID-ue1p-vegh-6yf8"},{"vulnerability":"VCID-vjrr-h9sh-3bcu"},{"vulnerability":"VCID-zcsa-9r77-7ybx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/204070?format=json","purl":"pkg:npm/jquery@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q6r-ucwf-3ff7"},{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9e23-dwm9-bbgb"},{"vulnerability":"VCID-r2sb-3qt6-myfh"},{"vulnerability":"VCID-u8ss-1ww3-zbe4"},{"vulnerability":"VCID-ue1p-vegh-6yf8"},{"vulnerability":"VCID-vjrr-h9sh-3bcu"},{"vulnerability":"VCID-zcsa-9r77-7ybx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/53380?format=json","purl":"pkg:npm/jquery@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q6r-ucwf-3ff7"},{"vulnerability":"VCID-84eq-cq89-9qhm"},{"vulnerability":"VCID-9e23-dwm9-bbgb"},{"vulnerability":"VCID-r2sb-3qt6-myfh"},{"vulnerability":"VCID-u8ss-1ww3-zbe4"},{"vulnerability":"VCID-ue1p-vegh-6yf8"},{"vulnerability":"VCID-vjrr-h9sh-3bcu"},{"vulnerability":"VCID-zcsa-9r77-7ybx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.8.3"}],"references":[{"reference_url":"https://bugs.jquery.com/ticket/11290","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.jquery.com/ticket/11290"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ue1p-vegh-6yf8"}