jQuery 'location.hash' Cross Site Scripting Vulnerability

Bugtraq ID:	58458
Class:	Input Validation Error
CVE:	CVE-2011-4969
Remote:	Yes
Local:	No
Published:	Jan 30 2013 12:00AM
Updated:	Aug 15 2016 03:00PM
Credit:	dmethvin
Vulnerable:	PageLime CMS PageLime CMS 0 jQuery jQuery 1.6.2 jQuery jQuery 1.6.1 HP Version Control Repository Manager 7.4.1 HP Version Control Repository Manager 7.4 HP Version Control Repository Manager 7.3.4 HP Version Control Repository Manager 7.3.1 HP Version Control Repository Manager 7.3 HP Version Control Repository Manager 7.2.2 HP Version Control Repository Manager 7.2.1 HP Version Control Repository Manager 7.2 HP Version Control Repository Manager 7.5.0 HP Version Control Repository Manager 7.3.3 HP Version Control Repository Manager 7.3.2 HP Systems Insight Manager 7.1.1 HP Systems Insight Manager 7.5.0 HP Systems Insight Manager 7.4 HP Systems Insight Manager 7.3.2 HP Systems Insight Manager 7.3.1 HP Systems Insight Manager 7.3 HP Systems Insight Manager 7.2.2 HP Systems Insight Manager 7.2.1 HP Systems Insight Manager 7.2 HP Systems Insight Manager 7.0 HP System Management Homepage 7.5.4 HP System Management Homepage 7.5 HP System Management Homepage 7.4.1 HP System Management Homepage 7.3.2 HP System Management Homepage 7.2.3 HP System Management Homepage 7.2.2 HP System Management Homepage 7.2.1 HP System Management Homepage 7.2 HP System Management Homepage 7.1.2 HP System Management Homepage 7.1.1 HP System Management Homepage 7.4 HP System Management Homepage 7.3.3.1 HP System Management Homepage 7.3.1 HP System Management Homepage 7.3 HP System Management Homepage 7.2.4.1 HP System Management Homepage 7.1 HP System Management Homepage 7.0 HP Server Migration Pack 7.5 HP Integrated Lights-Out 3 firmware 1.85 HP Integrated Lights-Out 3 firmware 1.82 HP Integrated Lights-Out 3 firmware 1.80 HP Integrated Lights-Out 3 firmware 1.65 HP Integrated Lights-Out 3 firmware 1.61 HP Integrated Lights-Out 3 firmware 1.60 HP Integrated Lights-Out 3 firmware 1.57 HP Integrated Lights-Out 3 firmware 1.50 HP Integrated Lights-Out 3 firmware 1.28 HP Integrated Lights-Out 3 2.05 HP Integrated Lights-Out 3 0 HP Insight Control server provisioning 7.4.1 HP Insight Control server provisioning 7.5.0 HP Insight Control server provisioning 7.4.0 HP Insight Control 7.5 HP Insight Control 7.4 HP Insight Control 7.3 HP Insight Control 7.2
Not Vulnerable:	jQuery jQuery 1.6.3 HP Version Control Repository Manager 7.5.1 HP Systems Insight Manager 7.5.1 HP System Management Homepage 7.5.5 HP Server Migration Pack 7.5.1 HP Insight Control server provisioning 7.5.1 HP Insight Control 7.5.1

jQuery 'location.hash' Cross Site Scripting Vulnerability

jQuery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to jQuery 1.6.3 are vulnerable.

jQuery 'location.hash' Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

jQuery 'location.hash' Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

jQuery 'location.hash' Cross Site Scripting Vulnerability

References:

• CVE-2011-4969 jquery: Cross-site scripting (XSS) via $(location.hash) and $(# (Red Hat)
  
• Fixed: XSS with $(location.hash) and $(#) is needed? (jQuery)
  
• jQuery 1.6.2 XSS CVE assignment (oss-sec)
  
• jQuery 1.6.3 Released (jQuery)
  
• jQuery Homepage (jQuery )
  
• HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) (HP)
  
• HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vu (HP)