Lucene search
K

132 matches found

NVD
NVD
added 2021/10/26 3:15 p.m.22 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5CVSS0.07948EPSS
Exploits1References18
OSV
OSV
added 2021/10/26 3:15 p.m.36 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.1CVSS6.1AI score
Exploits0References16
OSV
OSV
added 2021/10/26 3:15 p.m.33 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.1CVSS6.1AI score
Exploits0References18
NVD
NVD
added 2021/10/26 3:15 p.m.24 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS0.42229EPSS
Exploits1References16
OSV
OSV
added 2021/10/26 3:15 p.m.2 views

DEBIAN-CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.1CVSS6.1AI score0.42229EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/10/26 3:15 p.m.40 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5CVSS6.6AI score0.07948EPSS
Exploits1References6
Prion
Prion
added 2021/10/26 3:15 p.m.33 views

Code injection

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

4.3CVSS6.1AI score0.07948EPSS
Exploits1References18Affected Software20
OSV
OSV
added 2021/10/26 3:15 p.m.3 views

UBUNTU-CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5CVSS6.6AI score0.07948EPSS
Exploits1References7
Prion
Prion
added 2021/10/26 3:15 p.m.34 views

Code injection

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

4.3CVSS6.1AI score0.42229EPSS
Exploits1References16Affected Software21
UbuntuCve
UbuntuCve
added 2021/10/26 3:15 p.m.52 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS6.7AI score0.42229EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/10/26 2:55 p.m.288 views

XSS in `*Text` options of the Datepicker widget in jquery-ui

Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing 'closeText XSS...

6.5CVSS0.7AI score0.07948EPSS
Exploits1References25Affected Software4
OSV
OSV
added 2021/10/26 2:55 p.m.90 views

GHSA-J7QV-PGF6-HVH4 XSS in `*Text` options of the Datepicker widget in jquery-ui

Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing 'closeText XSS...

6.5CVSS6.5AI score0.07948EPSS
Exploits1References25
Github Security Blog
Github Security Blog
added 2021/10/26 2:55 p.m.478 views

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed...

6.5CVSS2.1AI score0.42229EPSS
Exploits1References24Affected Software4
OSV
OSV
added 2021/10/26 2:55 p.m.50 views

GHSA-9GJ3-HWP5-PMWC XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed...

6.5CVSS6.8AI score0.42229EPSS
Exploits1References24
CVE
CVE
added 2021/10/26 12:0 a.m.1069 views

CVE-2021-41182

CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...

6.5CVSS6.4AI score0.42229EPSS
Exploits1References16Affected Software1
RubySec
RubySec
added 2021/10/26 12:0 a.m.21 views

XSS in `*Text` options of the Datepicker widget in jquery-ui

Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing'closeText XSS'",...

6.5CVSS6.8AI score0.07948EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/10/26 12:0 a.m.17 views

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed i...

6.5CVSS6.8AI score0.42229EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2021/10/26 12:0 a.m.53 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS6.6AI score0.42229EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/10/26 12:0 a.m.53 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5CVSS6.7AI score0.07948EPSS
Exploits1
CVE
CVE
added 2021/10/26 12:0 a.m.607 views

CVE-2021-41183

CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...

6.5CVSS6.5AI score0.07948EPSS
Exploits1References18Affected Software1
Rows per page
Query Builder