CVE-2012-6708
cross-site scripting vulnerability in jquery

Vulnerability type: cross-site scripting. Known public exploit: none.

What is CVE-2012-6708 About?

This vulnerability in `jquery` allows for cross-site scripting (XSS) due to an improperly anchored regular expression in the main `jquery` function. This can lead to client-side code execution by interpreting maliciously crafted HTML as selectors. Exploitation is relatively easy if an attacker can control input passed to the `jquery` function.

Affected Software

  • jquery
    • <1.9.0
  • org.webjars.npm:jquery
    • <1.9.0
  • jQuery
    • <1.9.0
  • jquery-rails
    • <2.2.0

Technical Details

The vulnerability arises because the main `jquery` function relies on a regular expression to decide whether a string argument is HTML content or a CSS selector. That regular expression is not properly anchored: its pattern matching is not strictly confined to the beginning or end of the input string, so the decision can be influenced by what appears elsewhere in the string rather than only by how the string starts. This lets an attacker craft a string that appears to be HTML but is interpreted as a selector by `jquery`. When `jquery` processes such malformed input, it misinterprets the HTML as a selector, and embedded client-side code, typically JavaScript, runs in the user's browser.
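To make the anchoring difference concrete, the following is an added example (not code from this page or from the jQuery project): it reproduces the quick-check patterns as I read them in the jQuery 1.8.3 and 1.9.0 sources and classifies sample strings the way `jQuery.fn.init` decides between HTML and selector; the helper names and the sample strings are my own, and the reproduced patterns should be treated as an assumption to verify against the actual sources.

```javascript
// Added example, not jQuery's own code. Reconstructs the HTML-vs-selector
// check applied to a string argument, so a reviewer can test what a given
// string would have been treated as before and after jQuery 1.9.0.
// Both patterns are reproduced from my reading of the 1.8.3 and 1.9.0
// sources (variable rquickExpr); verify them against the real files.

// jQuery < 1.9.0: a "<tag ...>" preceded only by characters other than
// '#' or '<' counts as HTML, so text before the '<' does not disqualify it.
const RQUICKEXPR_PRE_1_9 = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// jQuery 1.9.0: the HTML branch is anchored to the start of the string,
// so a string is HTML only if it begins with '<'.
const RQUICKEXPR_1_9 = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/;

// Mirrors the decision in jQuery.fn.init: a string wrapped in '<' ... '>'
// is HTML outright; otherwise the quick regex decides, and only a capture
// in group 1 means "parse as HTML". Everything else goes to the selector engine.
function classify(str, quickExpr) {
  if (typeof str !== "string" || str.length === 0) {
    return "empty";
  }
  let match;
  if (str.charAt(0) === "<" && str.charAt(str.length - 1) === ">" && str.length >= 3) {
    match = [null, str, null];
  } else {
    match = quickExpr.exec(str);
  }
  return match && match[1] ? "html" : "selector";
}

// Review helper: lists string arguments that a pre-1.9 jQuery would have
// parsed as HTML while 1.9+ parses them as a selector, i.e. exactly the
// inputs whose handling the upgrade to 1.9.0 changes.
function changedByUpgrade(samples) {
  return samples.filter(
    (s) => classify(s, RQUICKEXPR_PRE_1_9) === "html" && classify(s, RQUICKEXPR_1_9) !== "html"
  );
}

// Constructed sample inputs (benign markup only).
const SAMPLES = [
  "#main",                      // plain id selector: selector in both versions
  "<p>hello</p>",               // starts with '<': HTML in both versions
  "div.note > span",            // a bare '>' is not a tag: selector in both
  "Search results <b>term</b>", // text before '<': HTML before 1.9, selector after
];

console.log(changedByUpgrade(SAMPLES)); // → [ 'Search results <b>term</b>' ]
```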

What is the Impact of CVE-2012-6708?

Successful exploitation may allow attackers to execute arbitrary client-side script in the user's browser, leading to session hijacking, defacement of the website, sensitive data exposure, or redirection to malicious sites.

What is the Exploitability of CVE-2012-6708?

Exploitation of this XSS vulnerability would likely be of moderate complexity, requiring an attacker to inject specially crafted input into a web application that uses vulnerable versions of `jquery`. No specific authentication or privilege is required for the attacker beyond the ability to submit data that the application then processes with `jquery`. This is a remote vulnerability, as the attacker would typically inject the payload through a web form or URL parameter. The primary condition is that the application must parse user-supplied input using the main `jquery` function without proper input sanitization, allowing the malformed HTML/selector string to be processed. The risk factor increases significantly in applications that reflect user input without proper encoding or sanitization.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2012-6708?

Available Upgrade Options

  • org.webjars.npm:jquery
    • <1.9.0 → Upgrade to 1.9.0
  • jquery-rails
    • <2.2.0 → Upgrade to 2.2.0
  • jquery
    • <1.9.0 → Upgrade to 1.9.0
  • jQuery
    • <1.9.0 → Upgrade to 1.9.0


Additional Resources

What are Similar Vulnerabilities to CVE-2012-6708?

Similar Vulnerabilities: CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2016-10702