CVE-2012-6708 in jQueryinfo

Summary

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/18/2018

Disclosure

01/18/2018

Moderation

VulDB entry created

Entries

VDB-112185 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

5.2

EPSS

0.00902

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-6708
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6708
CVE Details	https://www.cvedetails.com/cve/CVE-2012-6708/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!