Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Remediation

References

https://nodesecurity.io/advisories/127

https://jqueryui.com/changelog/1.12.0/

https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6

https://github.com/jquery/api.jqueryui.com/issues/281

http://rhn.redhat.com/errata/RHSA-2017-0161.html

https://www.tenable.com/security/tns-2016-19

http://rhn.redhat.com/errata/RHSA-2016-2933.html

http://rhn.redhat.com/errata/RHSA-2016-2932.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104823

https://security.netapp.com/advisory/ntap-20190416-0007/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.drupal.org/sa-core-2022-002

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2017-16063 Vulnerability in npm package node-opensl

CVE-2017-16132 Vulnerability in npm package simple-npm-registry

CVE-2013-7370 Vulnerability in npm package connect

CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:jasper

CVE-2020-1748 Vulnerability in maven package org.wildfly.security:wildfly-elytron

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Release Notes Vendor Advisory Patch Exploit Issue Tracking VDB Entry Broken Link Mailing List