Описание
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| drupal7 | removed | package | ||
| jqueryui | fixed | 1.12.1+dfsg-1 | package | |
| jqueryui | no-dsa | jessie | package | |
| jqueryui | no-dsa | wheezy | package |
Примечания
https://nodesecurity.io/advisories/127
https://github.com/jquery/jquery-ui/pull/1622
https://github.com/jquery/jquery-ui/pull/1632
https://github.com/jquery/api.jqueryui.com/issues/281
https://www.drupal.org/sa-core-2022-002
EPSS
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Уязвимость библиотеки jQuery UI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку
EPSS