Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Remediation
References
https://nodesecurity.io/advisories/127
https://jqueryui.com/changelog/1.12.0/
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
https://github.com/jquery/api.jqueryui.com/issues/281
http://rhn.redhat.com/errata/RHSA-2017-0161.html
https://www.tenable.com/security/tns-2016-19
http://rhn.redhat.com/errata/RHSA-2016-2933.html
http://rhn.redhat.com/errata/RHSA-2016-2932.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104823
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.drupal.org/sa-core-2022-002
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-36649 Vulnerability in maven package org.webjars.npm:papaparse
CVE-2016-10707 Vulnerability in npm package jquery
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-40167 Vulnerability in maven package org.eclipse.jetty:jetty-http