CVE-2011-4969
Published: 30 January 2013
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Priority
Status
Package | Release | Status |
---|---|---|
jquery Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(1.3.3-2ubuntu1.2)
|
|
oneiric |
Released
(1.6.2-1ubuntu2.2)
|
|
precise |
Not vulnerable
(1.7.1-1ubuntu1)
|
|
quantal |
Not vulnerable
(1.7.2+debian-1ubuntu1)
|
|
upstream |
Released
(1.6.3)
|
|
Patches: upstream: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9 |