Moderate severityNVD Advisory· Published Mar 8, 2013· Updated Jun 16, 2026
CVE-2011-4969
CVE-2011-4969
Description
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jquerynpm | < 1.6.3 | 1.6.3 |
jQueryNuGet | < 1.6.3 | 1.6.3 |
jquery-railsRubyGems | < 1.0.16 | 1.0.16 |
org.webjars.npm:jqueryMaven | < 1.6.3 | 1.6.3 |
Affected products
8- osv-coords5 versionspkg:deb/debian/jquery?arch=sourcepkg:gem/jquery-railspkg:maven/org.webjars.npm/jquerypkg:npm/jquerypkg:nuget/jquery
< 1.6.4-1+ 4 more
- (no CPE)range: < 1.6.4-1
- (no CPE)range: < 1.0.16
- (no CPE)range: < 1.6.3
- (no CPE)range: < 1.6.3
- (no CPE)range: < 1.6.3
Patches
Vulnerability mechanics
References
21- github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9nvdExploitPatchWEB
- github.com/advisories/GHSA-579v-mp3v-rrw5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4969ghsaADVISORY
- blog.jquery.com/2011/09/01/jquery-1-6-3-releasedghsaWEB
- blog.mindedsecurity.com/2011/07/jquery-is-sink.htmlnvdWEB
- bugs.jquery.com/ticket/9521nvdWEB
- www.openwall.com/lists/oss-security/2013/01/31/3nvdWEB
- www.ubuntu.com/usn/USN-1722-1nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2011-4969.ymlghsaWEB
- lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20190416-0007ghsaWEB
- security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450224ghsaWEB
- blog.jquery.com/2011/09/01/jquery-1-6-3-released/nvd
- www.osvdb.org/80056nvd
- www.securityfocus.com/bid/58458nvd
- www.securitytracker.com/id/1036620nvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3Envd
- security.netapp.com/advisory/ntap-20190416-0007/nvd
News mentions
0No linked articles in our index yet.