[SECURITY] [DLA 258-1] jqueryui security update

2015-06-29T20:30:26
ID DEBIAN:DLA-258-1:DE6BE
Type debian
Reporter Debian
Modified 2015-06-29T20:30:26

Description

Package : jqueryui Version : 1.8.dfsg-3+deb6u1 CVE ID : CVE-2010-5312

Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.