漏洞信息详情
JQuery 跨站脚本漏洞
- CNNVD编号:CNNVD-201303-203
- 危害等级: 中危
- CVE编号: CVE-2011-4969
- 漏洞类型: 跨站脚本
- 发布时间: 2013-03-12
- 威胁类型: 远程
- 更新时间: 2022-04-08
- 厂 商: JQuery
- 漏洞来源: CERT@VDE coordinat...
漏洞简介
JQuery是美国程序员John Resig所研发的一套开源、跨浏览器的Javascript库。该库简化了HTML与Javascript之间的操作,并具有模块化、插件扩展等特点。
JQuery 1.6.3之前版本中存在跨站脚本漏洞。当使用location.hash选择元素时,通过特制的标签,远程攻击者利用该漏洞注入任意web脚本或HTML。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.ubuntu.com/usn/USN-1722-1/
参考网址
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190416-0007/
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2013/01/31/3
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730
来源:MLIST
链接:https://lists.apache.org/thread.HTML/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
来源:BID
链接:http://www.securityfocus.com/bid/58458
来源:CONFIRM
链接:https://github.com/JQuery/JQuery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
来源:CONFIRM
链接:http://bugs.JQuery.com/ticket/9521
来源:CONFIRM
链接:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
来源:CONFIRM
链接:http://blog.JQuery.com/2011/09/01/JQuery-1-6-3-released/
来源:UBUNTU
链接:http://www.ubuntu.com/usn/USN-1722-1
来源:OSVDB
链接:http://www.osvdb.org/80056
来源:SECTRACK
链接:http://www.securitytracker.com/id/1036620
来源:MISC
链接:http://blog.mindedsecurity.com/2011/07/JQuery-is-sink.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1519
来源:us-cert.cisa.gov
链接:https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-JQuery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-dojo-and-JQuery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2022.1512
受影响实体
补丁
- JQuery 跨站脚本漏洞的修复措施
评论