CVE-2012-6708, severity moderate. SUSE lists 274 source package names (2.17-17.3:libruby2_5-2_5-2.5.7-4.8.1, 2.17-17.3:ruby2.5-2.5.7-4.8.1, …) in 937 product×package rows across 234 product lines (Container bci/ruby, Container suse/rmt-server, …): Fixed 702, Known Affected 157, Known Not Affected 48, Will Not Fix 30.
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
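
The two classification rules described above, modelled as an added example for reviewing strings that reach `jQuery(strInput)`. This is not jQuery's source and not part of the advisory; the function names and sample strings are assumptions constructed for illustration, and the model follows the description's wording rather than the library's actual regular expression.

```javascript
// Simplified model of the two rules in the advisory text.
// Not jQuery source: the real library decides with a regular expression.

// Rule before 1.9.0, as described: '<' anywhere marks the string as HTML.
function treatedAsHtmlLegacy(input) {
  return input.includes('<');
}

// Rule from 1.9.0, as described: only a string starting with '<' is HTML.
function treatedAsHtmlFixed(input) {
  return input.startsWith('<');
}

// True when a "major.minor[.patch]" version string is below 1.9.0.
// Pre-release suffixes are ignored; unparseable strings return null
// so the caller can flag them for manual review.
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(version);
  if (!m) return null;
  const major = Number(m[1]);
  const minor = Number(m[2]);
  return major < 1 || (major === 1 && minor < 9);
}

// Classify each string under both rules and mark the ones whose
// interpretation changes between vulnerable and fixed versions.
function reviewInputs(inputs) {
  return inputs.map((input) => {
    const legacy = treatedAsHtmlLegacy(input);
    const fixed = treatedAsHtmlFixed(input);
    return { input, legacy, fixed, differs: legacy !== fixed };
  });
}

// Constructed sample inputs (harmless markup only).
const samples = ['#main', 'div.item', '<p>hello</p>', '#tab-<b>x</b>'];

for (const row of reviewInputs(samples)) {
  console.log(JSON.stringify(row));
}
console.log('1.8.3 affected:', isAffectedVersion('1.8.3'));
console.log('1.9.0 affected:', isAffectedVersion('1.9.0'));
```

Rows with `differs: true` are the call sites to review first: the string begins like a selector, yet a vulnerable version would parse it as HTML.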