Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Remediation

References

https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3

http://seclists.org/oss-sec/2014/q4/616

http://bugs.jqueryui.com/ticket/6016

http://seclists.org/oss-sec/2014/q4/613

http://rhn.redhat.com/errata/RHSA-2015-0442.html

http://www.debian.org/security/2015/dsa-3249

http://www.securityfocus.com/bid/71106

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://rhn.redhat.com/errata/RHSA-2015-1462.html

http://www.securitytracker.com/id/1037035

https://exchange.xforce.ibmcloud.com/vulnerabilities/98696

https://security.netapp.com/advisory/ntap-20190416-0007/

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://www.drupal.org/sa-core-2022-002

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk18on

CVE-2022-24785 Vulnerability in npm package moment

CVE-2021-31406 Vulnerability in maven package com.vaadin:flow-server

CVE-2022-43404 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory Exploit Broken Link VDB Entry Patch