PT-2012-1248 · Jquery+2

Timmywil · Published 2012-02-06 · Updated 2026-02-18 · CVE-2012-6708

CVSS v2.0: 6.4 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

jQuery versions prior to 1.9.0

Description

The jQuery function does not properly differentiate between HTML and selectors, which allows cross-site scripting attacks. In vulnerable versions, jQuery decides whether the input is HTML by looking for the '<' character anywhere in the string, which gives attackers flexibility when constructing a malicious payload. This can lead to client-side code execution. The estimated number of potentially affected devices is not specified.

Recommendations

Update to version 1.9.0 or later. As a temporary workaround, consider restricting the use of the vulnerable jQuery function until a patch is available. Avoid using the jQuery function with untrusted input to minimize the risk of exploitation.
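
The sketch below is an added example, not code from jQuery or from this advisory. It checks a version string against the affected range and rejects untrusted values that the behaviour described above would treat as HTML. All function names and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: every name below is hypothetical, not part of jQuery.

// Parse "major.minor[.patch]"; any suffix such as "-beta1" is ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  if (!m) throw new TypeError("unrecognised version: " + v);
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// True when the version is prior to 1.9.0, the range this advisory lists.
function isAffectedVersion(v) {
  const [major, minor] = parseVersion(v);
  return major < 1 || (major === 1 && minor < 9);
}

// Model of the check as the advisory describes it: a "<" anywhere in the
// string makes affected versions treat the whole argument as HTML.
function treatedAsHtmlByAffectedVersions(input) {
  return typeof input === "string" && input.indexOf("<") !== -1;
}

// Guard for untrusted values that are only ever meant to be selectors.
// Returns the string unchanged, or throws so the caller never reaches $().
function assertSelectorOnly(input) {
  if (typeof input !== "string") throw new TypeError("selector must be a string");
  if (treatedAsHtmlByAffectedVersions(input)) {
    throw new RangeError("rejected: input would be parsed as HTML");
  }
  return input;
}

// Audit helper: for a loaded version, mark which candidate inputs fall
// under this advisory and must not be passed to the jQuery function.
function audit(version, inputs) {
  const affected = isAffectedVersion(version);
  return inputs.map((input) => ({
    input,
    affectedByAdvisory: affected && treatedAsHtmlByAffectedVersions(input),
  }));
}

// Constructed sample inputs: a plain selector, and a selector followed by markup.
const SAMPLE_INPUTS = ["#tab-2", "#tab-2<b>note</b>"];
```

The guard applies regardless of the installed version, in line with the recommendation to keep untrusted input away from the jQuery function.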

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

AZL-40951
AZL-43897
AZL-44730
AZL-44937
BDU:2023-07702
CVE-2012-6708
GHSA-2PQJ-H3VJ-PQGW
OPENSUSE-SU-2020:0395-1
OPENSUSE-SU-2020_0395-1
SUSE-SU-2020:0737-1
USN-7622-1

Affected Products

Suse
Ubuntu
Jquery