Affected versions of jquery-ui
are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText
parameter in the dialog
function.
jQuery-UI is a library for manipulating UI elements via jQuery.
Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText
parameter of the dialog
function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.
Upgrade to jQuery-UI 1.12.0 or later.
{ "nvd_published_at": "2017-03-15T16:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:40:44Z" }