", co...">
Accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code: in affected versions a string `of` value is passed to `$()`, which parses strings that begin with `<` as HTML and creates the elements, so any event handler attribute in the string runs. For example, invoking the following code:

$("#element").position( {
my: "left top", at: "right bottom",
of: "<img onerror='doEvilThing()' src='/404' />",
collision: "none"
});

will call the doEvilThing() function (the handler fires when the image request for /404 fails).
The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector, so it is never parsed as HTML.

A workaround is to not accept the value of the `of` option from untrusted sources.
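The following is an added example showing the workaround above; it is not part of the advisory or of the jQuery UI code base. It wraps the `of` option so that anything HTML-like, or anything outside a small allow-list of anchor selectors, never reaches `$()` on a jQuery UI release older than 1.13.0. The allow-listed selectors, the default anchor and the sample inputs are constructed for illustration, and the file needs no jQuery to run.

```javascript
// Added example, not part of the jQuery UI advisory or the jQuery UI code base.
// Guards the `of` option of .position() on jQuery UI < 1.13.0, where a string
// `of` value went through jQuery's $() and strings beginning with "<" were
// parsed as HTML (so an <img> with an onerror handler runs script).
// The allow-list and default below are assumptions chosen for this example.

const ALLOWED_OF_SELECTORS = new Set(["#sidebar", "#toolbar", ".popup-anchor"]);
const DEFAULT_OF = "#sidebar";

// jQuery's $(string) treats a string that starts with "<" (after optional
// whitespace) as markup; a "<...>" tag anywhere in the string is rejected
// too, since the value is meant to be a selector for a known anchor element.
function looksLikeHtml(value) {
  return /^\s*</.test(value) || /<[^>]+>/.test(value);
}

// Returns the selector to use for `of`, or null if the input must be rejected.
function safeOfSelector(untrusted) {
  if (typeof untrusted !== "string") return null;
  const value = untrusted.trim();
  if (value.length === 0 || value.length > 128) return null;
  if (looksLikeHtml(value)) return null;
  // Even a non-HTML string is accepted only when it is on the allow-list:
  // the positioning target should be one of a few known anchor elements.
  if (!ALLOWED_OF_SELECTORS.has(value)) return null;
  return value;
}

// Builds the options object for $("#element").position(...). Rejected input
// falls back to a known-safe anchor instead of throwing, so the UI still
// renders but attacker-controlled markup never reaches $().
function buildPositionOptions(untrustedOf) {
  return {
    my: "left top",
    at: "right bottom",
    of: safeOfSelector(untrustedOf) ?? DEFAULT_OF,
    collision: "none",
  };
}

// Constructed sample inputs, e.g. what a query-string parameter might carry.
const SAMPLES = [
  "#sidebar",
  "  .popup-anchor ",
  "<img onerror='doEvilThing()' src='/404' />",
  "#sidebar<img src=x onerror=alert(1)>",
  "body",
  42,
];

// Maps each sample to the `of` value that would actually be passed on.
function classifySamples() {
  return SAMPLES.map((s) => ({ input: s, of: buildPositionOptions(s).of }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of classifySamples()) console.log(JSON.stringify(r));
}

module.exports = { safeOfSelector, buildPositionOptions, classifySamples };
```

In a page that still ships jQuery UI older than 1.13.0, call `$("#element").position(buildPositionOptions(input))` rather than passing `input` through directly; upgrading to 1.13.0 or later remains the real fix, because the allow-list only covers the `of` option and not other places where untrusted strings might reach `$()`.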
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
CPE | Name | Operator | Version
---|---|---|---
 | jquery-ui-rails | lt | 7.0.0