Cross-site Scripting (XSS) Affecting jquery.migrate package, versions [,1.2.1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DOTNET-JQUERYMIGRATE-60229
  • published18 Apr 2013
  • disclosed18 Apr 2013
  • creditUnknown

Introduced: 18 Apr 2013

CVE NOT AVAILABLE CWE-79  (opens in a new tab)

How to fix?

Upgrade jQuery.Migrate to version 1.2.1 or higher.

Overview

Affected versions of jQuery.Migrate are vulnerable to Cross-site Scripting (XSS).

The jquery-migrate package used code from an older jquery library that contained the vulnerable location.hash() function. It was used to select elements, but also allows remote attackers to inject script into the page.

Details

<>

CVSS Base Scores

version 3.1