Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Remediation

References

https://nodesecurity.io/advisories/127

https://jqueryui.com/changelog/1.12.0/

https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6

https://github.com/jquery/api.jqueryui.com/issues/281

http://rhn.redhat.com/errata/RHSA-2017-0161.html

https://www.tenable.com/security/tns-2016-19

http://rhn.redhat.com/errata/RHSA-2016-2933.html

http://rhn.redhat.com/errata/RHSA-2016-2932.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104823

https://security.netapp.com/advisory/ntap-20190416-0007/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.drupal.org/sa-core-2022-002

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2019-11808 Vulnerability in maven package io.ratpack:ratpack-session

CVE-2019-1003096 Vulnerability in maven package org.jenkins-ci.plugins:testfairy

CVE-2018-3728 Vulnerability in maven package org.webjars.npm:hoek

CVE-2022-26183 Vulnerability in npm package pnpm

CVE-2014-3630 Vulnerability in maven package com.typesafe.play:play_2.10

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Release Notes Vendor Advisory Patch Exploit Issue Tracking VDB Entry Broken Link Mailing List