BIT-drupal-2021-41184

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2021-41184.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-drupal-2021-41184
Aliases
Published
2024-03-06T10:54:31.396Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.

Database specific
{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Fixed
7.86.0
Introduced
9.2.0
Fixed
9.2.11
Introduced
9.3.0
Fixed
9.3.3