The error comes from a call like this:

$('. <img src=x onerror=bad();>')

jQuery will try to create the <img> element, but it will get an error trying to load it from the nonexistent x URL, and then the bad() function will be called.

This is a jQuery bug because a selector beginning with . is supposed to just try to find an element in the DOM; it shouldn't create new elements. It's acting as if you'd written:

$('<img src=x onerror=bad();>')

which is the syntax for creating an element.

Answer from Barmar on Stack Overflow
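
The difference the answer describes, as an added example that is not part of the original answer and not jQuery's own code: two simplified models of how `$()` decides whether a string is HTML, plus a guard for values that should only ever be selectors. All function names are hypothetical, and the sample strings are the ones from the answer plus one constructed selector.

```javascript
// Added example. These are simplified models of the two detection rules,
// not jQuery's actual regular expressions; all function names are hypothetical.

// Rule in vulnerable versions: a '<' anywhere in the string means "HTML".
function legacyTreatsAsHtml(input) {
  return typeof input === 'string' && input.indexOf('<') !== -1;
}

// Rule in fixed versions: only a string that starts with '<' is HTML.
function fixedTreatsAsHtml(input) {
  return typeof input === 'string' && input.charAt(0) === '<';
}

// Report how $(input) would interpret a string under each rule.
function classifySelectorInput(input) {
  if (fixedTreatsAsHtml(input)) return 'html-on-all-versions';
  if (legacyTreatsAsHtml(input)) return 'html-on-vulnerable-versions';
  return 'selector';
}

// Guard for values that are only ever meant to be selectors (for example a
// class name taken from location.hash): reject anything either rule could
// turn into markup, so the result is safe on old and new versions alike.
function assertSelectorOnly(input) {
  if (typeof input !== 'string' || classifySelectorInput(input) !== 'selector') {
    throw new TypeError('refusing non-selector input');
  }
  return input;
}

// Constructed sample inputs; the second and third are the strings from the answer.
const samples = ['.menu li', '. <img src=x onerror=bad();>', '<img src=x onerror=bad();>'];
const report = samples.map(function (s) {
  return { input: s, verdict: classifySelectorInput(s) };
});
console.log(report);

// In page code: $(document).find(assertSelectorOnly(value)), because .find()
// always treats its argument as a selector and never builds elements.
```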
🌐
Tenable
tenable.com › plugins › was › 112432
jQuery 1.7.1 < 1.9.0 Cross-Site Scripting | Tenable®
According to its self-reported version number, jQuery is at least 1.7.1 and prior to 1.9.0. Therefore, it may be affected by a cross-site scripting vulnerability due to jQuery(strInput).
🌐
GitHub
github.com › TIBCOSoftware › js-workshops › issues › 61
CVE-2020-7656 (Medium) detected in jquery-1.7.1.min.js · Issue #61 · TIBCOSoftware/js-workshops
May 28, 2020 - CVE-2020-7656 - Medium Severity Vulnerability Vulnerable Library - jquery-1.7.1.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js Path to dependency file: /U...
Published   May 28, 2020
Author   mend-for-github-com
🌐
Snyk
security.snyk.io › snyk vulnerability database › npm › jquery.terminal
jquery.terminal 1.7.1 | Snyk
Security vulnerabilities and package health score for npm package jquery.terminal 1.7.1
🌐
Bugcrowd Forum
forum.bugcrowd.com › bugcrowd discussion
Jquery 1.7.2 Vulnerability and Exploits - Bugcrowd Discussion - Bugcrowd Forum
June 13, 2016 - I was testing a website and I have never seen that before. The site is using an outdated version of jQuery 1.7.2. I surfed online and found that it is vuln. to XSS, and somewhere it was written it's safe. I want to ask …
🌐
Exploit-DB
exploit-db.com › exploits › 36124
jQuery - jui_filter_rules PHP Code Execution - PHP remote Exploit
February 19, 2015 - Proof of Concept ================ Using the demo application from the git repository: Executing shell_exec('cat /etc/passwd') Request: POST /ajax_create_sql.dist.php HTTP/1.0 host: http://www.example.com X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Content-Length: 471 a_rules[0][filter_value_conversion_server_side][function_name]=she ll_exec&a_rules[0][condition][filterValue]=&a_rules[0][filte r_value_conversion_server_side][args][0][value]=cat+/etc/pas swd&pst_placeholder=question_mark&a_rules[0][element_rule_id]=foo&use_ ps=yes&a_rules[0][condition][field]
🌐
CVE Details
cvedetails.com › version › 1143157 › Jquery-Jquery-Ui-1.7.1.html
Jquery Jquery Ui 1.7.1 security vulnerabilities, CVEs
Jquery Jquery Ui version 1.7.1 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
🌐
GitHub
github.com › YetiForceCompany › YetiForceCRM › issues › 11575
CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js · Issue #11575 · YetiForceCompany/YetiForceCRM
May 27, 2020 - CVE-2012-6708 - Medium Severity Vulnerability Vulnerable Library - jquery-1.7.1.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js Path to dependency file: /t...
Author   mend-bolt-for-github
🌐
GitHub
github.com › finos › openfin-react-hooks › issues › 32
CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js
December 9, 2019 - In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Author   mend-for-github-com
🌐
Skepticfx
domstorm.skepticfx.com › modules
DomStorm : jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
// Custom Functions var jQuery_version = ''; function vulnerable(){ addError('jQuery '+ jQuery_version, '<b>Vulnerable</b>'); } function safe(){ addSuccess('jQuery '+ jQuery_version, 'Safe'); } function removeIframe(){ var x = document.getElementById('jQueryFrameID'); x.parentNode.removeChild(x); } // Test Function function test(data){ // We need to separate properties and access one by one. try{ jQuery_version = data; var jQueryFrame = document.createElement('iframe'); jQueryFrame.id = 'jQueryFrameID'; jQueryFrame.onload = function(){ var jQueryScript = jQueryFrame.contentWindow.document.crea
🌐
Stack Overflow
stackoverflow.com › questions › 58948802 › vulnerable-javascript-libraries-jquery-1-7-1-js
Vulnerable JavaScript libraries jquery-1.7.1.js - Stack Overflow
Name | Version | Known issues | Identified files
jquery | 1.7.1 | SNYK-npm:jquery:20110606, SNYK-npm:jquery:20150627, SNYK-JS-JQUERY-174006 | assets/www/js/jquery-1.7.1.js
 | 3.1.0 | SNYK-JS-JQUERY-174006 | assets/www/js/jquery.min.js
🌐
CVE Details
cvedetails.com › version › 1142992 › Jquery-Jquery-1.7.1.html
Jquery Jquery 1.7.1 security vulnerabilities, CVEs
Jquery Jquery version 1.7.1 security vulnerabilities, CVEs, exploits, vulnerability statistics, CVSS scores and references
🌐
GitHub
github.com › finos › cla-bot › issues › 157
CVE-2012-6708 (Medium) detected in jquery-1.7.2.min.js · Issue #157 · finos/cla-bot
October 7, 2019 - CVE-2012-6708 - Medium Severity Vulnerability Vulnerable Library - jquery-1.7.2.min.js JavaScript library for DOM operations Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js Path to dependency file: /t...
Author   mend-for-github-com
🌐
Snyk
security.snyk.io › snyk vulnerability database › npm
jquery | Snyk
Security vulnerabilities and package health score for npm package jquery
🌐
Snyk
security.snyk.io › snyk vulnerability database › npm › jquery
jquery 1.7.2 | Snyk
Security vulnerabilities and package health score for npm package jquery 1.7.2
🌐
NIST
nvd.nist.gov › vuln › search › results
NVD - Search and Statistics
🌐
Cybersecurity Help
cybersecurity-help.cz › vdb › SB2020042126
SB2020042126 - Cross-site scripting in jQuery
April 21, 2020 - A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website. Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks...