Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Remediation
References
https://nodesecurity.io/advisories/127
https://jqueryui.com/changelog/1.12.0/
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
https://github.com/jquery/api.jqueryui.com/issues/281
http://rhn.redhat.com/errata/RHSA-2017-0161.html
https://www.tenable.com/security/tns-2016-19
http://rhn.redhat.com/errata/RHSA-2016-2933.html
http://rhn.redhat.com/errata/RHSA-2016-2932.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104823
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.drupal.org/sa-core-2022-002
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2019-10348 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook
CVE-2023-51079 Vulnerability in maven package org.mvel:mvel2
CVE-2019-10283 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2018-1999004 Vulnerability in maven package org.jenkins-ci.main:jenkins-core