Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Remediation

References

https://nodesecurity.io/advisories/127

https://jqueryui.com/changelog/1.12.0/

https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6

https://github.com/jquery/api.jqueryui.com/issues/281

http://rhn.redhat.com/errata/RHSA-2017-0161.html

https://www.tenable.com/security/tns-2016-19

http://rhn.redhat.com/errata/RHSA-2016-2933.html

http://rhn.redhat.com/errata/RHSA-2016-2932.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104823

https://security.netapp.com/advisory/ntap-20190416-0007/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.drupal.org/sa-core-2022-002

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://www.oracle.com/security-alerts/cpujan2022.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2022-31129 Vulnerability in maven package org.webjars:momentjs

CVE-2023-47322 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2014-6393 Vulnerability in npm package express

CVE-2023-30363 Vulnerability in npm package vconsole

CVE-2023-33779 Vulnerability in maven package com.xuxueli:xxl-job

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Release Notes Vendor Advisory Patch Exploit Issue Tracking VDB Entry Broken Link Mailing List