Multiple jQuery XSS Vulnerabilities Affecting Versions Prior to 1.9.0
First seen 18 Feb 2026, 13:23 UTC
•
•80% similarity
•41
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Two critical Cross-site Scripting (XSS) vulnerabilities in jQuery have been identified, affecting versions prior to 1.9.0 and 1.6.3. CVE-2012-6708 allows attackers to exploit the jQuery(strInput) function due to improper handling of HTML input, while CVE-2011-4969 enables injection of arbitrary scripts via location.hash. Users of these vulnerable jQuery versions are at risk of remote attacks.
ThreatCluster AI
Timeline
2013-03-08
CVE-2011-4969 published
2018-01-18
CVE-2012-6708 published
2026-02-18
Information published about vulnerabilities