CVE-2011-4969

Published: 30 January 2013

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

Priority

Medium

Status

Package Release Status
jquery
Launchpad, Ubuntu, Debian
Upstream
Released (1.6.3)
Patches:
Upstream: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9