GitHub Advisory DatabaseGHSA-HPCF-8VF9-Q4GJjQuery-UI vulnerable to Cross-site Scripting in dialog closeText
0.005 Low
EPSS
Percentile
75.6%
Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.
jQuery-UI is a library for manipulating UI elements via jQuery.
Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.
Recommendation
Upgrade to jQuery-UI 1.12.0 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery.ui.combined | lt | 1.12.0 | |
| org.webjars.npm:jquery-ui | lt | 1.12.0 | |
| jquery-ui-rails | lt | 6.0.0 | |
| jquery-ui | lt | 1.12.0 |
References
rhn.redhat.com/errata/RHSA-2016-2932.html
rhn.redhat.com/errata/RHSA-2016-2933.html
rhn.redhat.com/errata/RHSA-2017-0161.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
github.com/advisories/GHSA-hpcf-8vf9-q4gj
github.com/jquery-ui-rails/jquery-ui-rails/commit/d504a40538fe5f7998439ad2f8fc5c4a1f843f1c
github.com/jquery/api.jqueryui.com/issues/281
github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
github.com/jquery/jquery-ui/pull/1622
github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2016-7103.yml
jqueryui.com/changelog/1.12.0/
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
lists.debian.org/debian-lts-announce/2022/01/msg00014.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
lists.fedoraproject.org/archives/list/[email protected]/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
lists.fedoraproject.org/archives/list/[email protected]/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/[email protected]/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
nvd.nist.gov/vuln/detail/CVE-2016-7103
security.netapp.com/advisory/ntap-20190416-0007/
web.archive.org/web/20200227030100/www.securityfocus.com/bid/104823
www.drupal.org/sa-core-2022-002
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Related
