Lucene search

K
osvGoogleOSV:GHSA-HPCF-8VF9-Q4GJ
HistoryOct 24, 2017 - 6:33 p.m.

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText

2017-10-2418:33:35
Google
osv.dev
149

EPSS

0.005

Percentile

75.7%

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

References