Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3230-1:233EC
HistoryDec 07, 2022 - 10:30 a.m.

[SECURITY] [DLA 3230-1] jqueryui security update

2022-12-0710:30:00
lists.debian.org
25

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Debian LTS Advisory DLA-3230-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
December 07, 2022 https://wiki.debian.org/LTS

Package : jqueryui
Version : 1.12.1+dfsg-5+deb10u1
CVE ID : CVE-2021-41182 CVE-2021-41183 CVE-2021-41184
CVE-2022-31160
Debian Bug : 1015982

jQuery-UI, the official jQuery user interface library, is a curated set
of user interface interactions, effects, widgets, and themes built on top
of jQuery were reported to have the following vulnerabilities.

CVE-2021-41182

jQuery-UI was accepting the value of the `altField` option of the
Datepicker widget from untrusted sources may execute untrusted code.
This has been fixed and now any string value passed to the `altField`
option is now treated as a CSS selector.

CVE-2021-41183

jQuery-UI was accepting the value of various `*Text` options of the
Datepicker widget from untrusted sources may execute untrusted code.
This has been fixed and now the values passed to various `*Text`
options are now always treated as pure text, not HTML.

CVE-2021-41184

jQuery-UI was accepting the value of the `of` option of the
`.position()` util from untrusted sources may execute untrusted code.
This has been fixed and now any string value passed to the `of`
option is now treated as a CSS selector.

CVE-2022-31160

jQuery-UI was potentially vulnerable to cross-site scripting.
Initializing a checkboxradio widget on an input enclosed within a
label makes that parent label contents considered as the input label.
Calling `.checkboxradio( "refresh" )` on such a widget and the initial
HTML contained encoded HTML entities will make them erroneously get
decoded. This can lead to potentially executing JavaScript code.

For Debian 10 buster, these problems have been fixed in version
1.12.1+dfsg-5+deb10u1.

We recommend that you upgrade your jqueryui packages.

For the detailed security status of jqueryui please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jqueryui

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10alllibjs-jquery-ui-docs< 1.12.1+dfsg-5+deb10u1libjs-jquery-ui-docs_1.12.1+dfsg-5+deb10u1_all.deb
Debian10allnode-jquery-ui< 1.12.1+dfsg-5+deb10u1node-jquery-ui_1.12.1+dfsg-5+deb10u1_all.deb
Debian11alllibjs-jquery-ui< 1.12.1+dfsg-8+deb11u1libjs-jquery-ui_1.12.1+dfsg-8+deb11u1_all.deb
Debian10allotrs< 6.0.16-2+deb10u1otrs_6.0.16-2+deb10u1_all.deb
Debian11alljqueryui< 1.12.1+dfsg-8+deb11u1jqueryui_1.12.1+dfsg-8+deb11u1_all.deb
Debian10alllibjs-jquery-ui< 1.12.1+dfsg-5+deb10u1libjs-jquery-ui_1.12.1+dfsg-5+deb10u1_all.deb
Debian10alljqueryui< 1.12.1+dfsg-5+deb10u1jqueryui_1.12.1+dfsg-5+deb10u1_all.deb
Debian11allnode-jquery-ui< 1.12.1+dfsg-8+deb11u1node-jquery-ui_1.12.1+dfsg-8+deb11u1_all.deb
Debian11alllibjs-jquery-ui-docs< 1.12.1+dfsg-8+deb11u1libjs-jquery-ui-docs_1.12.1+dfsg-8+deb11u1_all.deb
Debian10allotrs2< 6.0.16-2+deb10u1otrs2_6.0.16-2+deb10u1_all.deb

Related

nessus 34
openvas 22
osv 16
ibm 37
ubuntu 2
fedora 9
f5 2
checkpoint_advisories 2
drupal 3
redhat 1
debian 2
veracode 4
prion 4
debiancve 4
github 4
alpinelinux 2
ubuntucve 4
redhatcve 4
cve 4
huntr 1
adobe 1
oracle 9
tenable 1
nessus
nessus
Debian DLA-3230-1 : jqueryui - LTS security update
2022-12-08 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : jQuery UI vulnerabilities (USN-6419-1)
2023-10-05 00:00:00
jQuery UI < 1.13.0 Multiple Vulnerabilities
2021-11-04 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3230-1)
2022-12-08 00:00:00
Ubuntu: Security Advisory (USN-6419-1)
2023-10-06 00:00:00
Fedora: Security Advisory for js-jquery-ui (FEDORA-2021-013ab302be)
2021-12-04 00:00:00
osv
osv
jqueryui - security update
2022-12-07 00:00:00
jqueryui vulnerabilities
2023-10-05 12:36:27
jqueryui vulnerability
2022-09-09 09:31:52
ibm
ibm
Security Bulletin: Multiple vulnerabilities in jQuery affect IBM Tivoli Netcool Impact
2023-12-01 10:35:31
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183
2023-03-27 17:00:47
Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)
2022-03-03 17:06:48
ubuntu
ubuntu
jQuery UI vulnerabilities
2023-10-05 00:00:00
jQuery UI vulnerability
2022-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: js-jquery-ui-1.13.0-1.fc33
2021-11-20 01:45:55
[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34
2021-11-20 01:11:49
[SECURITY] Fedora 35 Update: js-jquery-ui-1.13.0-1.fc35
2021-11-20 01:08:33
f5
f5
K50455702 : jQuery vulnerabilities CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184
2022-03-28 00:00:00
K000134507 : jQuery UI vulnerability CVE-2022-31160
2023-05-08 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery UI Datepicker Widget Cross Site Scripting (CVE-2021-41182; CVE-2021-41183)
2022-03-14 00:00:00
jQuery UI Cross-site Scripting (CVE-2021-41184)
2022-10-19 00:00:00
drupal
drupal
jQuery UI Datepicker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-004
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002
2022-01-19 00:00:00
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001
2022-01-19 00:00:00
redhat
redhat
(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
2022-05-26 16:04:07
debian
debian
[SECURITY] [DLA-2889-1] drupal7 security update
2022-01-19 20:00:29
[SECURITY] [DLA 3551-1] otrs2 security update
2023-08-31 00:20:25
veracode
veracode
Cross-site Scripting (XSS)
2022-07-19 05:25:38
Cross-site Scripting (XSS)
2021-10-27 05:33:22
Cross-site Scripting (XSS)
2021-10-27 06:12:09
prion
prion
Cross site scripting
2022-07-20 20:15:00
Code injection
2021-10-26 15:15:00
Code injection
2021-10-26 15:15:00
debiancve
debiancve
CVE-2021-41182
2021-10-26 15:15:00
CVE-2022-31160
2022-07-20 20:15:00
CVE-2021-41183
2021-10-26 15:15:00
github
github
XSS in the `altField` option of the Datepicker widget in jquery-ui
2021-10-26 14:55:02
XSS in `*Text` options of the Datepicker widget in jquery-ui
2021-10-26 14:55:21
XSS in the `of` option of the `.position()` util in jquery-ui
2021-10-26 14:55:12
alpinelinux
alpinelinux
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41183
2021-10-26 15:15:00
ubuntucve
ubuntucve
CVE-2022-31160
2022-07-20 00:00:00
CVE-2021-41183
2021-10-26 00:00:00
CVE-2021-41184
2021-10-26 00:00:00
redhatcve
redhatcve
CVE-2022-31160
2022-07-25 18:12:42
CVE-2021-41182
2021-11-01 17:41:12
CVE-2021-41184
2021-11-01 17:41:18
cve
cve
CVE-2021-41183
2021-10-26 15:15:00
CVE-2021-41182
2021-10-26 15:15:00
CVE-2021-41184
2021-10-26 15:15:00
huntr
huntr
Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160
2023-02-20 08:50:55
adobe
adobe
APSB23-50 : Security update available for Adobe Commerce
2023-10-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON
Related for DEBIAN:DLA-3230-1:233EC
nessus34openvas22osv16ibm37ubuntu2fedora9f52checkpoint_advisories2drupal3redhat1debian2veracode4prion4debiancve4github4alpinelinux2ubuntucve4redhatcve4cve4huntr1adobe1oracle9tenable1