Search for packages
| purl | pkg:maven/org.webjars.npm/jquery@1.7.1 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-q1qe-zr6p-aaap
Aliases: CVE-2012-6708 GHSA-2pqj-h3vj-pqgw |
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. |
Affected by 0 other vulnerabilities. Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:29:00.419655+00:00 | GHSA Importer | Affected by | VCID-q1qe-zr6p-aaap | None | 35.1.0 |
| 2024-09-17T22:41:05.612985+00:00 | GitLab Importer | Affected by | VCID-q1qe-zr6p-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/jquery/CVE-2012-6708.yml | 34.0.1 |
| 2024-01-03T18:03:27.419359+00:00 | GitLab Importer | Affected by | VCID-q1qe-zr6p-aaap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/jquery/CVE-2012-6708.yml | 34.0.0rc1 |