jQuery - XSS vulnerability under 1.6.3, when using location.hash
Impact area
Security
Severity
High
Affected element
ServiceNow
UI Script
Salesforce
Static Resource
Rule number
SN-JSL-011 (for ServiceNow)
SF-JSL-011 (for Salesforce)
Impact
In versions of jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Remediation
Update jQuery to the latest version.
Time to fix
30 min