CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
66.0%
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
bugs.jqueryui.com/ticket/8859
bugs.jqueryui.com/ticket/8861
rhn.redhat.com/errata/RHSA-2015-0442.html
rhn.redhat.com/errata/RHSA-2015-1462.html
seclists.org/oss-sec/2014/q4/613
seclists.org/oss-sec/2014/q4/616
www.securityfocus.com/bid/71107
exchange.xforce.ibmcloud.com/vulnerabilities/98697
github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
github.com/jquery/jquery/issues/2432