Jquery Ui Security Vulnerabilities and Issues — Jquery Ui CVE List

Lucene search

JqueryuiJquery Ui

8 matches found

CVE•added 2017/03/15 4:59 p.m.•751 views

CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

6.1CVSS6AI score0.01397EPSS

CVE•added 2021/10/26 3:15 p.m.•743 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

6.5CVSS6.5AI score0.25367EPSS

CVE•added 2022/07/20 8:15 p.m.•715 views

CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents consi...

6.1CVSS6AI score0.06383EPSS

CVE•added 2021/10/26 3:15 p.m.•613 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now trea...

6.5CVSS6.4AI score0.22267EPSS

CVE•added 2021/10/26 3:15 p.m.•531 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now alway...

6.5CVSS6.5AI score0.01538EPSS

CVE•added 2014/11/24 4:59 p.m.•320 views

CVE-2012-6662

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

4.3CVSS5.8AI score0.05467EPSS

CVE•added 2014/11/24 4:59 p.m.•201 views

CVE-2010-5312

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

6.1CVSS6AI score0.02055EPSS

CVE•added 2024/10/17 10:15 p.m.•45 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and...

7.1CVSS6.9AI score0.02016EPSS