Lucene search

[email protected]CVE-2010-5312

HistoryNov 24, 2014 - 4:59 p.m.

CVE-2010-5312

2014-11-2416:59:00

CWE-79

[email protected]

web.nvd.nist.gov

143

cve-2010-5312

cross-site scripting

xss

jquery.ui.dialog.js

jquery ui

nvd

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

Node

jqueryuijquery_uiRange<1.10.0jquery

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

Node

netappsnapcenterMatch-

Node

apachedrillMatch1.16.0

Node

drupaldrupalRange7.0–7.86

Node

debiandebian_linuxMatch9.0

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq7.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	7.0

References

bugs.jqueryui.com/ticket/6016

rhn.redhat.com/errata/RHSA-2015-0442.html

rhn.redhat.com/errata/RHSA-2015-1462.html

seclists.org/oss-sec/2014/q4/613

seclists.org/oss-sec/2014/q4/616

www.debian.org/security/2015/dsa-3249

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.securityfocus.com/bid/71106

www.securitytracker.com/id/1037035

exchange.xforce.ibmcloud.com/vulnerabilities/98696

github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

lists.debian.org/debian-lts-announce/2022/01/msg00014.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

security.netapp.com/advisory/ntap-20190416-0007/

www.drupal.org/sa-core-2022-002

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2010-5312

nessus17 debian4 debiancve1 openvas18 mageia1 osv3 fedora5 alpinelinux1 atlassian2 cvelist1 securityvulns2 github1 ubuntucve1 nvd1 prion1 veracode1 redhat2 f51 ibm4 oraclelinux2 centos2 threatpost1 drupal1 oracle1