PT-2018-6041 · Jquery · Jquery

Published

2018-06-04

Updated

2020-09-01

CVE-2017-16011

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0

Description: The issue occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. This results in jquery potentially interpreting HTML as selectors when given certain inputs, allowing for client-side code execution.

Recommendations: Update to version 1.9.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-64CWE-79

Related Identifiers

CVE-2017-16011

GHSA-2PQJ-H3VJ-PQGW

Affected Products

Jquery

PT-2018-6041 · Jquery · Jquery

CVE-2017-16011

Weakness Enumeration

Related Identifiers

Affected Products

References · 27