CVE-2012-6708 - Vulnerability Details

Threat entity extracted from intelligence sources

Frequency
1
occurrences
First Seen
February 18, 2026
Last Seen
February 18, 2026

CVE-2012-6708 is a vulnerability tracked across 1 threat cluster and 1 intelligence report mention on ThreatCluster. First observed February 18, 2026; most recent activity February 18, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common. — Api.Msrc.Microsoft · February 18, 2026

Related Entities

CVSS v3.1 Breakdown