Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-2932.html
http://rhn.redhat.com/errata/RHSA-2016-2933.html
http://rhn.redhat.com/errata/RHSA-2017-0161.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104823
https://github.com/jquery/api.jqueryui.com/issues/281
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
https://jqueryui.com/changelog/1.12.0/
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
https://nodesecurity.io/advisories/127
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.drupal.org/sa-core-2022-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2016-19
Related Vulnerabilities
CVE-2021-22134 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2021-31406 Vulnerability in maven package com.vaadin:flow-server
CVE-2017-1000424 Vulnerability in npm package electron
CVE-2016-10606 Vulnerability in npm package grunt-webdriver-qunit