BIT-DRUPAL-2021-41182 XSS in the `altField` option of the Datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

JQuery UI < 1.13.0 Multiple XSS

The version of JQuery UI library hosted on the remote web server is prior to 1.13.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities: - Accepting the value of the 'altField' option of the Datepicker widget from untrusted sources may execute untrusted code. CVE-2021-411...

jQuery UI < 1.13.0 Multiple Vulnerabilities

According to its self-reported version number, jQuery UI is prior to 1.13.0. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS in the altField option of the Datepicker widget CVE-2021-41182 - A Cross-Site Scripting XSS in Text options of the Datepicker widget...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the updateAlternate function in datepicker.js as it does not properly sanitize altField...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

DEBIAN-CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed...

GHSA-9GJ3-HWP5-PMWC XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed i...

CVE-2021-41182 XSS in the `altField` option of the Datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

CVE-2021-41182

CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...

jQuery 跨站脚本漏洞

jQuery is the United States John Resig individual developers of a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has modularity , plug-in extensions and other features . A cross-site scripting vulnerability exists in...