CVE-2011-4969: jQuery vulnerable to Cross-Site Scripting (XSS)

CVSS Score: 4.3

Basic Information

EPSS Score: 0.88337%
Published: 5/14/2022
Updated: 9/26/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| jquery | npm | < 1.6.3 | 1.6.3 |
| jQuery | nuget | < 1.6.3 | 1.6.3 |
| jquery-rails | rubygems | < 1.0.16 | 1.0.16 |
| org.webjars.npm:jquery | maven | < 1.6.3 | 1.6.3 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from jQuery's selector parsing logic, which uses the quickExpr regex to decide whether a string passed to jQuery is markup to create or an ID to look up. The original regex (`/^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/`) allowed HTML injection when a '#' was present in the selector string. Attackers could craft location.hash values like '#<img onerror=alert(1)>', which would be interpreted as HTML creation rather than ID selection. The patched regex (`/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/`) explicitly prioritizes ID selection by excluding '#' from the characters allowed before an HTML tag, so a string with '#' ahead of the tag no longer matches the HTML branch, as seen in the commit diff and advisory descriptions.
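The following added example (not jQuery's own code and not part of the original page) runs the two quickExpr patterns from the analysis, with their quantifiers written out, over a few constructed selector strings to show which branch each one takes. The helper names `classify`, `fixedByPatch` and `compare` are hypothetical, and the branch logic is simplified to the case where no context argument is passed.

```javascript
// Patterns as quoted in the root cause analysis above.
const QUICK_EXPR_BEFORE = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;  // jQuery < 1.6.3
const QUICK_EXPR_AFTER = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;  // jQuery 1.6.3

// Hypothetical helper: report which branch a selector string would take.
//   "html"     -> capture 1 matched, the string is parsed as markup
//   "id"       -> capture 2 matched, the "#id" lookup path
//   "selector" -> no match, the string is handed to the selector engine
function classify(quickExpr, selector) {
  const m = quickExpr.exec(selector);
  if (m === null) return "selector";
  if (m[1]) return "html";
  return "id";
}

// True when the input is parsed as markup before the fix but not after it.
function fixedByPatch(selector) {
  return classify(QUICK_EXPR_BEFORE, selector) === "html" &&
         classify(QUICK_EXPR_AFTER, selector) !== "html";
}

// Constructed sample inputs; the second is the location.hash value from the text.
const SAMPLES = [
  "#main-nav",
  "#<img onerror=alert(1)>",
  "div.item > a",
  "<div>hi</div>", // leading markup is HTML under both patterns
];

// Build one row per sample so the two versions can be compared side by side.
function compare(samples) {
  return samples.map((s) => ({
    selector: s,
    before: classify(QUICK_EXPR_BEFORE, s),
    after: classify(QUICK_EXPR_AFTER, s),
    fixedByPatch: fixedByPatch(s),
  }));
}

console.table(compare(SAMPLES));
```

Strings that begin with markup are classified as HTML by both patterns, so upgrading does not make it safe to pass untrusted strings such as location.hash directly to the jQuery function.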
