jQuery – CVE-2011-4969

Home » Blog » jQuery – CVE-2011-4969

Description

Kayran has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
This can be done by using location.hash to select elements.

This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via crafted tags.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

Upgrade the version of the jquery you use.
Since it exists only in versions up until 1.6.3, make sure you upgrade to version higher than 1.6.3.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Injection Attacks – You better inject yourself before you get-hacked yourself

Besides the most creative title you’ve ever seen, there are many things we do not like that we can talk about, in this case, we

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does

Continuous Scanning and Monitoring – the Why’s

You are given tools, these tools allow you to maintain your house, will you “fix” things when they break only once? or will you keep

WAF – Web Application Firewall

WAF, which stands for Web Application Firewall, helps protect web-based applications by blocking and preventing many common types of attacks which would otherwise have been

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

WEB APPLICATION VULNERABILITY SCANNER