{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7857?format=json","vulnerability_id":"VCID-zkj3-gw4w-mybq","summary":"XSS via improper selector detection\njQuery's main method in affected versions contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML.","aliases":[{"alias":"GMS-2017-121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23975?format=json","purl":"pkg:npm/jquery@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-7efr-3g5x-ryfv"},{"vulnerability":"VCID-8mpx-4ueh-qqfv"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-tmjp-8edk-nyh3"},{"vulnerability":"VCID-tvcp-hyc5-57eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.9.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23973?format=json","purl":"pkg:npm/jquery@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xdph-4cg9-6qah"},{"vulnerability":"VCID-zkj3-gw4w-mybq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/155246?format=json","purl":"pkg:npm/jquery@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-7efr-3g5x-ryfv"},{"vulnerability":"VCID-8mpx-4ueh-qqfv"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dakh-ccnn-xfan"},{"vulnerability":"VCID-tmjp-8edk-nyh3"},{"vulnerability":"VCID-tvcp-hyc5-57eq"},{"vulnerability":"VCID-xdph-4cg9-6qah"},{"vulnerability":"VCID-zkj3-gw4w-mybq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/155247?format=json","purl":"pkg:npm/jquery@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-7efr-3g5x-ryfv"},{"vulnerability":"VCID-8mpx-4ueh-qqfv"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dakh-ccnn-xfan"},{"vulnerability":"VCID-tmjp-8edk-nyh3"},{"vulnerability":"VCID-tvcp-hyc5-57eq"},{"vulnerability":"VCID-xdph-4cg9-6qah"},{"vulnerability":"VCID-zkj3-gw4w-mybq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/155248?format=json","purl":"pkg:npm/jquery@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-7efr-3g5x-ryfv"},{"vulnerability":"VCID-8mpx-4ueh-qqfv"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dakh-ccnn-xfan"},{"vulnerability":"VCID-tmjp-8edk-nyh3"},{"vulnerability":"VCID-tvcp-hyc5-57eq"},{"vulnerability":"VCID-xdph-4cg9-6qah"},{"vulnerability":"VCID-zkj3-gw4w-mybq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/23974?format=json","purl":"pkg:npm/jquery@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3s9f-prpy-hbcx"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-7efr-3g5x-ryfv"},{"vulnerability":"VCID-8mpx-4ueh-qqfv"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-dakh-ccnn-xfan"},{"vulnerability":"VCID-tmjp-8edk-nyh3"},{"vulnerability":"VCID-tvcp-hyc5-57eq"},{"vulnerability":"VCID-xdph-4cg9-6qah"},{"vulnerability":"VCID-zkj3-gw4w-mybq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery@1.8.3"}],"references":[{"reference_url":"https://bugs.jquery.com/ticket/11290","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.jquery.com/ticket/11290"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkj3-gw4w-mybq"}