GitHub Advisory DatabaseGHSA-WCM2-9C89-WMFMCross-site Scripting in jquery-ui
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
53.4%
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery-ui-rails | lt | 4.0.0 | |
| jquery.ui.combined | lt | 1.10.0 | |
| org.webjars.npm:jquery-ui | lt | 1.10.0 | |
| jquery-ui | lt | 1.10.0 |
References
bugs.jqueryui.com/ticket/6016
rhn.redhat.com/errata/RHSA-2015-0442.html
rhn.redhat.com/errata/RHSA-2015-1462.html
seclists.org/oss-sec/2014/q4/613
seclists.org/oss-sec/2014/q4/616
www.debian.org/security/2015/dsa-3249
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
exchange.xforce.ibmcloud.com/vulnerabilities/98696
github.com/advisories/GHSA-wcm2-9c89-wmfm
github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2010-5312.yml
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
lists.debian.org/debian-lts-announce/2022/01/msg00014.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
lists.fedoraproject.org/archives/list/[email protected]/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/[email protected]/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
nvd.nist.gov/vuln/detail/CVE-2010-5312
security.netapp.com/advisory/ntap-20190416-0007/
web.archive.org/web/20150316023043/www.securityfocus.com/bid/71106
web.archive.org/web/20170316161850/www.securitytracker.com/id/1037035
www.drupal.org/sa-core-2022-002
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
53.4%