JQuery — Cyber Threats, Attacks & Incidents

Threat entity extracted from intelligence sources

Frequency
4
occurrences
First Seen
February 18, 2026
Last Seen
March 17, 2026

JQuery is a technology platform tracked across 3 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed February 18, 2026; most recent activity March 17, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • 6 Malicious Packagist Themes Ship Trojanized jQuery in OphimCMS Supply Chain Attack — Cybersecuritynews · March 17, 2026
  • Open-source vulnerabilities per codebase surge by 107% | news — Scworld · February 26, 2026
  • CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common. — Api.Msrc.Microsoft · February 18, 2026
  • CVE-2011-4969 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. — Api.Msrc.Microsoft · February 18, 2026

CVSS v3.1 Breakdown