Is this code vulnerable to DOM based XSS jquery animate?

Question

Is this code vulnerable to DOM based XSS?

The application is using jQuery 1.12.4 and i noticed that Data is read from window.location.hash and passed to $() via the following statements:

var target_ = window.location.hash.substr(1);
$('html, body').animate({ 
    scrollTop: $("." + target_).offset().top - $(".site-header").outerHeight() 
}, 1000);

What payload could I use to trigger an alert box or execute any JS code? Is this code vulnerable or 100% safe?

score 1 · Answer 1 · answered Dec 22 '18 at 11:28

The code snippet you shared above is not vulnerable to DOM-based XSS. jQuery version 1.12.4 is not affected by the selector XSS bug. I highly recommend using http://research.insecurelabs.org/jquery/test/ to determine if a specific version of jQuery is affected by any publicly-disclosed vulnerabilities.

Is this code vulnerable to DOM based XSS jquery animate?

1 Answers1