jQuery - XSS vulnerability under 1.6.3, when using location.hash

Impact area

Security

Severity

High

Affected element

UI Script (for ServiceNow)

Static Resource (for Salesforce)


Rule number

SN-JSL-011 (for ServiceNow)

SF-JSL-011 (for Salesforce)

Impact

Versions of jQuery before 1.6.3, when location.hash is used to select elements, allow remote attackers to inject arbitrary web script or HTML via a crafted tag.

Remediation

Update jQuery to the latest version.
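The following is an added example, not part of the original rule text or of jQuery itself. It checks whether a jQuery version string falls in the affected range and resolves location.hash to an element without passing the raw fragment to the jQuery selector function. The function names isAffectedJQuery, idFromHash and elementFromHash are illustrative assumptions.

```javascript
// Added example; function names are illustrative, not a jQuery or platform API.

// True when a jQuery version string (for instance the value of
// jQuery.fn.jquery in a loaded page) is older than 1.6.3.
function isAffectedJQuery(version) {
  const fixed = [1, 6, 3];
  const parts = String(version).split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < fixed.length; i++) {
    const n = parts[i] || 0;
    if (n !== fixed[i]) return n < fixed[i];
  }
  return false; // exactly 1.6.3
}

// Pattern the rule describes: the raw fragment reaches the selector function.
//   var target = $(location.hash);
//
// Hardened form: accept the fragment only if it is a plain element id,
// and return null for anything else (markup, spaces, selector syntax).
function idFromHash(hash) {
  const m = /^#([A-Za-z][\w:.-]*)$/.exec(String(hash));
  return m ? m[1] : null;
}

// Look the element up by id instead of by selector. `doc` is the page's
// document object; it is a parameter so the function can be unit tested.
function elementFromHash(doc, hash) {
  const id = idFromHash(hash);
  return id ? doc.getElementById(id) : null;
}

// Constructed sample inputs, runnable outside a browser.
const sampleVersions = ["1.4.4", "1.6.2", "1.6.3", "1.10.2", "3.5.1"];
for (const v of sampleVersions) {
  console.log(v, isAffectedJQuery(v) ? "affected" : "not affected");
}
const sampleHashes = ["#section-2", "#<b>x</b>", ""];
for (const h of sampleHashes) {
  console.log(JSON.stringify(h), "->", idFromHash(h));
}
```

Validating the fragment is a defence in depth for code that must read location.hash; it does not replace updating the library.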

Time to fix

30 min




Last modified on Aug 19, 2020