CVE-2010-5312

Опубликовано: 24 нояб. 2014

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Ссылки

http://bugs.jqueryui.com/ticket/6016
Exploit
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0442.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1462.html
Third Party Advisory
http://seclists.org/oss-sec/2014/q4/613
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q4/616
Mailing List
Third Party Advisory
http://www.debian.org/security/2015/dsa-3249
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/71106
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037035
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Third Party Advisory
VDB Entry
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
Vendor Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190416-0007/
Third Party Advisory
https://www.drupal.org/sa-core-2022-002
Third Party Advisory
http://bugs.jqueryui.com/ticket/6016
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:jquery:*:*

Версия до 1.10.0 (исключая)

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*

Конфигурация 6

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.86 (исключая)

Конфигурация 7

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02665

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2010-5312

CVSS3: 6.1

ubuntu

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2010-5312

redhat

почти 15 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2010-5312

CVSS3: 6.1

debian

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...

GHSA-wcm2-9c89-wmfm

CVSS3: 6.1

github

больше 7 лет назад

Cross-site Scripting in jquery-ui

ELSA-2015-1462

oracle-oval

почти 10 лет назад

ELSA-2015-1462: ipa security and bug fix update (MODERATE)

EPSS

Процентиль: 85%

0.02665

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79