CVSS2
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N (base score 4.3)
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (base score 6.5)
EPSS
Percentile: 72.8%
Accepting the value of the various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:
```javascript
// Deliberately vulnerable initialization (jQuery UI before 1.13.0).
// showButtonPanel/showOn make the widget render the button panel and the
// trigger button, so every *Text option below is inserted into the page as
// HTML and each <script> element executes.
$("#datepicker").datepicker({
  showButtonPanel: true,
  showOn: "both",
  closeText: "<script>doEvilThing('closeText XSS')</script>",
  currentText: "<script>doEvilThing('currentText XSS')</script>",
  prevText: "<script>doEvilThing('prevText XSS')</script>",
  nextText: "<script>doEvilThing('nextText XSS')</script>",
  buttonText: "<script>doEvilThing('buttonText XSS')</script>",
  appendText: "<script>doEvilThing('appendText XSS')</script>",
});
```
will call doEvilThing six times, once with the value of each *Text option.
The issue is fixed in jQuery UI 1.13.0: the values passed to the *Text options are now always treated as plain text, not HTML. For jquery-ui-rails the relevant version is the jQuery UI build the gem bundles, not the gem version itself; `$.ui.version` at runtime tells you which one is actually loaded.
A workaround is to not accept the values of the *Text options from untrusted sources, for example by taking these strings only from a locale table the application controls and letting request input select a locale at most. Note that HTML-escaping the values yourself is only a stopgap for versions before 1.13.0: once the widget treats them as text, the escaped entities would be displayed literally.
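To make the two points above concrete, here is an added example (my own illustration, not code from jQuery UI, jquery-ui-rails or the advisory). The two render functions model the pre-fix and post-fix behaviour with plain string building and are not the widget's real implementation; the locale table, the payload values and the `datepickerOptionsFor` helper are constructed for this example, while the option names in `TEXT_OPTIONS` are the ones the advisory lists. It runs under Node without jQuery.

```javascript
// Added example: models (1) why inserting a *Text option as HTML executes
// attacker script while treating it as text does not, and (2) the
// workaround for versions before 1.13.0: untrusted input may only choose a
// locale, never supply the strings. Not jQuery UI's own code.

const TEXT_OPTIONS = ["closeText", "currentText", "prevText", "nextText",
                      "buttonText", "appendText"];

// Minimal HTML escaping: the effect of "treat the value as text, not HTML".
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Model of the pre-1.13.0 behaviour: the option value is concatenated into
// markup, so a value containing tags becomes live HTML.
function renderButtonPanelVulnerable(opts) {
  return '<div class="ui-datepicker-buttonpane">' +
         "<button>" + opts.currentText + "</button>" +
         "<button>" + opts.closeText + "</button></div>";
}

// Model of the fixed behaviour: same markup, but the value is escaped so the
// browser shows the characters literally.
function renderButtonPanelFixed(opts) {
  return '<div class="ui-datepicker-buttonpane">' +
         "<button>" + escapeHtml(opts.currentText) + "</button>" +
         "<button>" + escapeHtml(opts.closeText) + "</button></div>";
}

// Crude check used below: would the rendered fragment execute script?
function hasScriptElement(html) {
  return /<script\b|<[a-z]+\b[^>]*\bon\w+=/i.test(html);
}

// Workaround: the application owns the strings. (Table constructed for the
// example; real apps would use their own locale bundles.)
const TRUSTED_LOCALES = {
  en: { closeText: "Done", currentText: "Today", prevText: "Prev",
        nextText: "Next", buttonText: "...", appendText: "" },
  de: { closeText: "Schließen", currentText: "Heute", prevText: "Zurück",
        nextText: "Vor", buttonText: "...", appendText: "" },
};

// Builds the options object for $(...).datepicker(). `untrustedLocale` may
// come straight from a request parameter; `extra` may even be attacker
// controlled, because every *Text key is overwritten from the trusted table.
function datepickerOptionsFor(untrustedLocale, extra = {}) {
  const locale = Object.prototype.hasOwnProperty.call(TRUSTED_LOCALES, untrustedLocale)
    ? untrustedLocale : "en";
  const opts = { showButtonPanel: true, showOn: "both", ...extra };
  for (const key of TEXT_OPTIONS) opts[key] = TRUSTED_LOCALES[locale][key];
  return opts;
}

// Demonstration with the payload shape from the advisory (constructed input).
const payload = "<script>doEvilThing('closeText XSS')</script>";
const untrusted = { closeText: payload, currentText: payload };

console.log("vulnerable render executes script:",
            hasScriptElement(renderButtonPanelVulnerable(untrusted)));
console.log("fixed render executes script:",
            hasScriptElement(renderButtonPanelFixed(untrusted)));
const safe = datepickerOptionsFor("de", untrusted);
console.log("closeText after allow-listing:", safe.closeText);
```

In the application this would be wired up as `$("#datepicker").datepicker(datepickerOptionsFor(params.locale))`, so the request parameter picks a locale but never reaches the widget as a string, which is exactly the "do not accept *Text values from untrusted sources" workaround and remains correct after upgrading to 1.13.0 because nothing is pre-escaped.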
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | jquery-ui-rails | * | cpe:2.3:a:ruby:jquery-ui-rails:*:*:*:*:*:*:*:* |