My Oracle Support Banner

Agent Smith Security Vulnerability For ATG Jquery-1.2.3.js (Doc ID 2667376.1)

Last updated on MAY 17, 2020

Applies to:

Oracle Commerce Platform - Version 11.3.1 and later
Information in this document applies to any platform.

Symptoms

On : 11.3.1 version, Other Issues

Agent Smith Veracode enterprise required security scan software has detected a vulnerability for the jquery-1.2.3.js file contained in Oracle Commerce (ATG) 11.3.1


ERROR
-----------------------
Name: CVE-2011-4969

Library: jquery-1.2.3.js

Library Paths: eCommerce_ATG_Apps.ear_depth_1/eCommerce_ATG_Apps/atg_bootstrap/WEB-INF/ATG-INF/DAS/admin/atg/dynamo/admin/javascript/jquery.js
eCommerce_ATG_Apps.ear_depth_1/eCommerce_ATG_Apps/atg_bootstrap/WEB-INF/ATG-INF/DAS/admin/atg/dynamo/admin/javascript/jquery.js

Severity: MEDIUM

Description: Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.


Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.