Lucene search

K
ubuntuUbuntuUSN-6419-1
HistoryOct 05, 2023 - 12:00 a.m.

jQuery UI vulnerabilities

2023-10-0500:00:00
ubuntu.com
29
jquery ui
ubuntu 14.04
16.04
18.04
20.04
cross-site scripting
arbitrary code
html injection
denial of service

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.005

Percentile

75.8%

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • jqueryui - JavaScript UI library for dynamic web applications

Details

Hong Phat Ly discovered that jQuery UI did not properly manage parameters
from untrusted sources, which could lead to arbitrary web script or HTML
code injection. A remote attacker could possibly use this issue to perform
a cross-site scripting (XSS) attack. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103)

Esben Sparre Andreasen discovered that jQuery UI did not properly handle
values from untrusted sources in the Datepicker widget. A remote attacker
could possibly use this issue to perform a cross-site scripting (XSS)
attack and execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-41182, CVE-2021-41183)

It was discovered that jQuery UI did not properly validate values from
untrusted sources. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-41184)

It was discovered that the jQuery UI checkboxradio widget did not properly
decode certain values from HTML entities. An attacker could possibly use
this issue to perform a cross-site scripting (XSS) attack and cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-31160)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibjs-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchlibjs-jquery-ui-docs< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu20.04noarchnode-jquery-ui< 1.12.1+dfsg-5ubuntu0.20.04.1UNKNOWN
Ubuntu18.04noarchlibjs-jquery-ui< 1.12.1+dfsg-5ubuntu0.18.04.1~esm3UNKNOWN
Ubuntu18.04noarchlibjs-jquery-ui< 1.12.1+dfsg-5UNKNOWN
Ubuntu18.04noarchlibjs-jquery-ui-docs< 1.12.1+dfsg-5UNKNOWN
Ubuntu18.04noarchnode-jquery-ui< 1.12.1+dfsg-5UNKNOWN
Ubuntu18.04noarchnode-jquery-ui< 1.12.1+dfsg-5ubuntu0.18.04.1~esm3UNKNOWN
Ubuntu16.04noarchlibjs-jquery-ui< 1.10.1+dfsg-1ubuntu0.16.04.1~esm1UNKNOWN
Ubuntu16.04noarchlibjs-jquery-ui< 1.10.1+dfsg-1UNKNOWN
Rows per page:
1-10 of 141

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.005

Percentile

75.8%