CVE-2011-4969
Published 2013-03-08
CVE-2011-4969: Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web…
Priority P4 · 28 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 19.19% (97.0th percentile)
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 MEDIUM
vendor_redhat · 4.3 MEDIUM
CISA ICS
Pepperl+Fuchs WirelessHART-Gateway
cisa_ics·2022-04-07·CVSS 7.5
[HIGH] Pepperl+Fuchs WirelessHART-Gateway
ICS Advisory
Last Revised: April 07, 2022
Alert Code: ICSA-22-097-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Pepperl+Fuchs
- Equipment: WirelessHART-Gateway
- Vulnerabilities: Use of Hard-coded Credentials, Uncontrolled Resource Consumption, Reliance on Reverse DNS Resolution for a Security-critical Action, Path Traversal, Cross-site Scripting, Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Storage of Sensitive Information in a Cookie, HTTP Request Smuggling, Sensitive Co
Jenkins
Jenkins Security Advisory 2017-02-01
vendor_jenkins·2017-02-01·CVSS 4.3
CVE-2011-4969 [MEDIUM] Jenkins Security Advisory 2017-02-01
Title: Jenkins Security Advisory 2017-02-01
This advisory announces multiple vulnerabilities in Jenkins.
Description
Use of AES ECB block cipher mode without IV for encrypting secrets
SECURITY-304 / CVE-2017-2598
Secrets such as passwords are typically stored on disk and sent to users as part of some pages in encrypted form. These were encrypted using AES-128 ECB without IV, which exposes Jenkins and the stored secrets to unnecessary risks. Jenkins now encrypts secrets using AES-128 CBC with random IV.
Items could be created with same name as existing item
SECURITY-321 / CVE-2017-2599
An insufficient permission check allowed users with the permission to create new items (e.g. jobs) to overwrite
Ubuntu
jQuery vulnerability
vendor_ubuntu·2013-02-13
CVE-2011-4969 jQuery vulnerability
Title: jQuery vulnerability
Summary: jQuery could be made to expose sensitive information over the network.
It was discovered that jQuery incorrectly handled selecting elements using
location.hash, resulting in a possible cross-site scripting (XSS) issue.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing a specially crafted page, a remote attacker could exploit this to
modify the contents, or steal confidential data, within the same domain.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
vendor_redhat·2011-06-06·CVSS 4.3
CVE-2011-4969 [MEDIUM] CWE-79 jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Package: js-jquery (Red Hat Process Automation 7) - Out of support scope
OSV
jQuery vulnerable to Cross-Site Scripting (XSS)
osv·2022-05-14
CVE-2011-4969 [MEDIUM] jQuery vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
GHSA
jQuery vulnerable to Cross-Site Scripting (XSS)
ghsa·2022-05-14
CVE-2011-4969 [MEDIUM] CWE-79 jQuery vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
GHSA
GHSA-8335-5x6w-v3pw: Cross-site scripting (XSS) vulnerability in Drupal 6
ghsa_unreviewed·2022-05-05·CVSS 4.3
CVE-2013-0244 [MEDIUM] CWE-79 GHSA-8335-5x6w-v3pw: Cross-site scripting (XSS) vulnerability in Drupal 6
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
OSV
CVE-2011-4969: Cross-site scripting (XSS) vulnerability in jQuery before 1
osv·2013-03-08·CVSS 4.3
CVE-2011-4969 [MEDIUM] CVE-2011-4969: Cross-site scripting (XSS) vulnerability in jQuery before 1
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4969 jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
bugzilla·2013-02-01·CVSS 4.3
CVE-2011-4969 [MEDIUM] CVE-2011-4969 jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
A cross-site scripting (XSS) flaw was found in the way jQuery, a fast, small, and feature-rich JavaScript library, performed sanitization of location.hash and arguments in certain circumstances. A remote attacker could provide a specially-crafted web page to a web-based application using the jQuery library that, when processed, would lead to arbitrary HTML or web script execution in the context of a logged-in user session.
Upstream bug report:
[1] http://bugs.jquery.com/ticket/9521
References:
[2] http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
[3] http://www.openwall.com/lists/oss-security/2013/01/31/3
Discussion:
Created drupal7-jquery_update tracking bugs for this issue
Affects: fedora-all [bug 89
Bugzilla
CVE-2011-4969 drupal7-jquery_update: JQuery < 1.6.3 XSS flaw [epel-all]
bugzilla·2013-01-17·CVSS 4.3
CVE-2011-4969 [MEDIUM] CVE-2011-4969 drupal7-jquery_update: JQuery < 1.6.3 XSS flaw [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affe
Bugzilla
drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001)
bugzilla·2013-01-17
[MEDIUM] drupal6, drupal7: Multiple security flaws fixed in upstream 6.28 and 7.19 versions (SA-CORE-2013-001)
Drupal upstream has released 6.28 and 7.19 versions to correct multiple security issues ([1]):
* Cross-site scripting (Various core and contributed modules - Drupal 6 and 7):
A reflected cross-site scripting vulnerability (XSS) was identified in certain Drupal JavaScript functions that pass unexpected user input into jQuery causing it to insert HTML into the page when the intended behavior is to select DOM elements. Multiple core and contributed modules are affected by this issue.
jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery. However, the versions of
Bugzilla
CVE-2011-4969 drupal7-jquery_update: JQuery < 1.6.3 XSS flaw [fedora-all]
bugzilla·2013-01-17·CVSS 4.3
CVE-2011-4969 [MEDIUM] CVE-2011-4969 drupal7-jquery_update: JQuery < 1.6.3 XSS flaw [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects
CTF
hashes / README
ctf_writeups·2014·CVSS 4.3
CVE-2011-4969 [MEDIUM] hashes / README
# CSAW CTF 2014: hashes
**Category:** Web
**Points:** 300
**Description:**
> location, location, location
>
> Chal is very very stable. If you were scanning the site while I was doing dev work your requests are probably being dropped.
>
>
>
> Written by ColdHeat
## Write-up
The linked page uses an old version of the jQuery library (v1.6.1), [which enables an XSS vulnerability when e.g. `$('#' + userContent)` is called](http://bugs.jquery.com/ticket/9521) ([CVE-2011-4969](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969)). The page also contains this script:
```js
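// Runs on every hash change: the raw fragment is passed to $() as a selector.
$(window).bind('hashchange', function (e) {
  $('.image').hide();
  tag = window.location.hash;   // taken directly from the URL fragment
  $(tag).show();                // jQuery before 1.6.3 can treat this string as HTML
});
// Same pattern on initial page load.
tag = window.location.hash;
$(tag).show();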
```
This makes it possible to inject arbitrary JavaScript sim
http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
http://bugs.jquery.com/ticket/9521
http://www.openwall.com/lists/oss-security/2013/01/31/3
http://www.osvdb.org/80056
http://www.securityfocus.com/bid/58458
http://www.securitytracker.com/id/1036620
http://www.ubuntu.com/usn/USN-1722-1
https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://security.netapp.com/advisory/ntap-20190416-0007/
Published: 2013-03-08