CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
jqueryjquery
𝑥
< 1.9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jquery
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
dne
hirsute
dne
impish
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
trusty
needed
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_5-2_5
suse enterprise desktop 15 SP1
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP2
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP3
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP4
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP5
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP6
2.5.7-4.8.1
fixed
suse enterprise desktop 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise sap 15 SP1
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP2
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP3
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP4
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP5
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP6
2.5.7-4.8.1
fixed
suse enterprise sap 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise server 15
2.5.7-4.8.1
fixed
suse enterprise server 15 SP1
2.5.7-4.8.1
fixed
suse enterprise server 15 SP2
2.5.7-4.8.1
fixed
suse enterprise server 15 SP3
2.5.7-4.8.1
fixed
suse enterprise server 15 SP4
2.5.7-4.8.1
fixed
suse enterprise server 15 SP5
2.5.7-4.8.1
fixed
suse enterprise server 15 SP6
2.5.7-4.8.1
fixed
suse enterprise server 15 SP7
2.5.9-150700.22.16
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby24
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-debuginfo
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-devel
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-doc
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-irb
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
ruby24-libs
Amazon Linux 1
0:2.4.10-2.12.amzn1
fixed
rubygem24-bigdecimal
Amazon Linux 1
0:1.3.2-2.12.amzn1
fixed
rubygem24-did_you_mean
Amazon Linux 1
0:1.1.0-2.12.amzn1
fixed
rubygem24-io-console
Amazon Linux 1
0:0.4.6-2.12.amzn1
fixed
rubygem24-json
Amazon Linux 1
0:2.0.4-2.12.amzn1
fixed
rubygem24-minitest5
Amazon Linux 1
0:5.10.1-2.12.amzn1
fixed
rubygem24-net-telnet
Amazon Linux 1
0:0.1.1-2.12.amzn1
fixed
rubygem24-power_assert
Amazon Linux 1
0:0.4.1-2.12.amzn1
fixed
rubygem24-psych
Amazon Linux 1
0:2.2.2-2.12.amzn1
fixed
rubygem24-rdoc
Amazon Linux 1
0:5.0.1-2.12.amzn1
fixed
rubygem24-test-unit
Amazon Linux 1
0:3.2.3-2.12.amzn1
fixed
rubygem24-xmlrpc
Amazon Linux 1
0:0.2.1-2.12.amzn1
fixed
rubygems24
Amazon Linux 1
0:2.6.14.4-2.12.amzn1
fixed
rubygems24-devel
Amazon Linux 1
0:2.6.14.4-2.12.amzn1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
ceph
Azure Linux 3.0
0:18.2.2-1.azl3
fixed
python-blinker
Azure Linux 3.0
0:1.7.0-4.azl3
fixed
slf4j
Azure Linux 3.0
0:2.0.7-1.azl3
fixed
References