Lucene search

K
ubuntuUbuntuUSN-5181-1
HistorySep 09, 2022 - 12:00 a.m.

jQuery UI vulnerability

2022-09-0900:00:00
ubuntu.com
198
jquery ui
vulnerability
ubuntu 18.04
ubuntu 20.04
esm
cross-site scripting
cve-2021-41184
cve-2022-31160

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.4%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • jqueryui - JavaScript UI library for dynamic web applications

Details

It was discovered that jQuery UI did not properly validate the values from
untrusted sources. An attacker could use this vulnerability to cause a crash or
possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and
Ubuntu 20.4 ESM. (CVE-2021-41184)

It was discovered that jQuery UI checkboxradio widget did not properly decode
certain values from HTML entities. An attacker could possibly use this issue to
generate a cross-site scripting(XSS) attack, resulting in a crash or possibly
execute arbitrary code. (CVE-2022-31160)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchnode-jquery-ui< 1.13.1+dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchlibjs-jquery-ui< 1.13.1+dfsg-1UNKNOWN
Ubuntu22.04noarchlibjs-jquery-ui-docs< 1.13.1+dfsg-1UNKNOWN
Ubuntu22.04noarchnode-jquery-ui< 1.13.1+dfsg-1UNKNOWN
Ubuntu22.04noarchlibjs-jquery-ui< 1.13.1+dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchnode-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1~esm3UNKNOWN
Ubuntu20.04noarchlibjs-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibjs-jquery-ui-docs< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchnode-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibjs-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1~esm3UNKNOWN
Rows per page:
1-10 of 151

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.4%