Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-2932.html
http://rhn.redhat.com/errata/RHSA-2016-2933.html
http://rhn.redhat.com/errata/RHSA-2017-0161.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104823
https://github.com/jquery/api.jqueryui.com/issues/281
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
https://jqueryui.com/changelog/1.12.0/
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
https://nodesecurity.io/advisories/127
https://security.netapp.com/advisory/ntap-20190416-0007/
https://www.drupal.org/sa-core-2022-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/tns-2016-19
Related Vulnerabilities
CVE-2022-46175 Vulnerability in npm package json5
CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol
CVE-2019-10410 Vulnerability in maven package org.jenkins-ci.plugins:log-parser
CVE-2019-16561 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer
CVE-2016-10584 Vulnerability in npm package dalek-browser-chrome-canary