-
-
Notifications
You must be signed in to change notification settings - Fork 231
Expand file tree
/
Copy pathCVE-2012-6708.yml
More file actions
32 lines (31 loc) · 1.11 KB
/
CVE-2012-6708.yml
File metadata and controls
32 lines (31 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
gem: jquery-rails
framework: rails
cve: 2012-6708
ghsa: 2pqj-h3vj-pqgw
url: https://nvd.nist.gov/vuln/detail/cve-2012-6708
title: Cross-Site Scripting in jquery
date: 2020-09-01
description: |
Affected versions of `jquery` are vulnerable to cross-site scripting.
This occurs because the main `jquery` function uses a regular expression
to differentiate between HTML and selectors, but does not properly anchor
the regular expression. The result is that `jquery` may interpret HTML
as selectors when given certain inputs, allowing for client side code
execution.
## Proof of Concept
$("#log").html(
$("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html()
);
cvss_v2: 4.3
cvss_v3: 6.1
patched_versions:
- "~> 2.1.4"
- ">= 2.2.0"
related:
url:
- https://nvd.nist.gov/vuln/detail/cve-2012-6708
- https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59
- https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67
- https://github.com/advisories/GHSA-2pqj-h3vj-pqgw
notes: "Found 2 jquery-rails in GHSA database."