ThreatCluster

Multiple jQuery XSS Vulnerabilities Affecting Versions Prior to 1.9.0

First seen 18 Feb 2026, 13:23 UTC Api.Msrc.Microsoft 80% similarity 41

Article Content

Browse articles
ThreatCluster

Two critical Cross-site Scripting (XSS) vulnerabilities in jQuery have been identified, affecting versions prior to 1.9.0 and 1.6.3. CVE-2012-6708 allows attackers to exploit the jQuery(strInput) function due to improper handling of HTML input, while CVE-2011-4969 enables injection of arbitrary scripts via location.hash. Users of these vulnerable jQuery versions are at risk of remote attacks.

ThreatCluster AI

Timeline

2013-03-08
CVE-2011-4969 published
2018-01-18
CVE-2012-6708 published
2026-02-18
Information published about vulnerabilities

Community

Browse all →