GHSA-hpcf-8vf9-q4gj
- Source
- https://github.com/advisories/GHSA-hpcf-8vf9-q4gj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-hpcf-8vf9-q4gj/GHSA-hpcf-8vf9-q4gj.json
- Aliases
- Published
- 2017-10-24T18:33:35Z
- Modified
- 2024-03-11T05:20:56.476279Z
- Details
-
Affected versions of
jquery-uiare vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of thecloseTextparameter in thedialogfunction.jQuery-UI is a library for manipulating UI elements via jQuery.
Version 1.11.4 has a cross site scripting (XSS) vulnerability in the
closeTextparameter of thedialogfunction. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.Recommendation
Upgrade to jQuery-UI 1.12.0 or later.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-7103
- https://github.com/jquery/api.jqueryui.com/issues/281
- https://github.com/jquery/jquery-ui/pull/1622
- https://github.com/jquery-ui-rails/jquery-ui-rails/commit/d504a40538fe5f7998439ad2f8fc5c4a1f843f1c
- https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4
- https://security.netapp.com/advisory/ntap-20190416-0007
- https://web.archive.org/web/20200227030100/http://www.securityfocus.com/bid/104823
- https://www.drupal.org/sa-core-2022-002
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://jqueryui.com/changelog/1.12.0
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2016-7103.yml
- https://github.com/jquery/jquery-ui
- http://rhn.redhat.com/errata/RHSA-2016-2932.html
- http://rhn.redhat.com/errata/RHSA-2016-2933.html
- http://rhn.redhat.com/errata/RHSA-2017-0161.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Affected packages
npm / jquery-ui
Package
- Name
- jquery-ui
RubyGems / jquery-ui-rails
Package
- Name
- jquery-ui-rails
Maven / org.webjars.npm:jquery-ui
Package
- Name
- org.webjars.npm:jquery-ui