Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j7qv-pgf6-hvh4

Опубликовано: 26 окт. 2021
Источник: github
Github: Прошло ревью
CVSS3: 6.5

Описание

XSS in *Text options of the Datepicker widget in jquery-ui

Impact

Accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way:

$( "#datepicker" ).datepicker( { showButtonPanel: true, showOn: "both", closeText: "<script>doEvilThing( 'closeText XSS' )</script>", currentText: "<script>doEvilThing( 'currentText XSS' )</script>", prevText: "<script>doEvilThing( 'prevText XSS' )</script>", nextText: "<script>doEvilThing( 'nextText XSS' )</script>", buttonText: "<script>doEvilThing( 'buttonText XSS' )</script>", appendText: "<script>doEvilThing( 'appendText XSS' )</script>", } );

will call doEvilThing with 6 different parameters coming from all *Text options.

Patches

The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML.

Workarounds

A workaround is to not accept the value of the *Text options from untrusted sources.

For more information

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.

Ссылки

Пакеты

Наименование

jquery-ui

npm
Затронутые версииВерсия исправления

< 1.13.0

1.13.0

Наименование

org.webjars.npm:jquery-ui

maven
Затронутые версииВерсия исправления

< 1.13.0

1.13.0

Наименование

jquery-ui-rails

rubygems
Затронутые версииВерсия исправления

< 7.0.0

7.0.0

Наименование

jQuery.UI.Combined

nuget
Затронутые версииВерсия исправления

< 1.13.0

1.13.0

EPSS

Процентиль: 81%
0.01668
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2021-41183

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2021-41183

CVSS3: 6.5
ubuntu
больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

redhat логотип

CVE-2021-41183

CVSS3: 6.5
redhat
больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

nvd логотип

CVE-2021-41183

CVSS3: 6.5
nvd
больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

debian логотип

CVE-2021-41183

CVSS3: 6.5
debian
больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to vers ...

EPSS

Процентиль: 81%
0.01668
Низкий

6.5 Medium

CVSS3

CVE ID

CVE-2021-41183

Дефекты

CWE-79