Lucene search

K

RubySecRUBY:JQUERY-UI-RAILS-2010-5312

HistoryOct 23, 2017 - 9:00 p.m.

Cross-site Scripting in jquery-ui

2017-10-2321:00:00

RubySec

nvd.nist.gov

11

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in
the Dialog widget in jQuery UI before 1.10.0 allows remote attackers
to inject arbitrary web script or HTML via the title option.

Affected configurations

Vulners

Node

rubyjquery-ui-railsRange≤4.0.0

VendorProductVersionCPE
rubyjquery-ui-rails*cpe:2.3:a:ruby:jquery-ui-rails:*:*:*:*:*:*:*:*

References

nvd.nist.gov/vuln/detail/CVE-2010-5312

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Related for RUBY:JQUERY-UI-RAILS-2010-5312

osv3 fedora5 openvas18 nessus17 mageia1 ubuntucve1 prion1 securityvulns2 nvd1 github1 debian4 debiancve1 veracode1 atlassian2 alpinelinux1 cvelist1 cve1 redhat2 ibm4 centos2 oraclelinux2 f51 threatpost1 drupal1 oracle1