CVE-2016-7103

Опубликовано: 21 июл. 2016

Источник: redhat

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

Отчет

Red Hat Enterprise Satellite 5 is now in phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenStack Foreman	ruby193-rubygem-jquery-ui-rails	Will not fix
Red Hat Decision Manager 7	jquery-ui	Out of support scope
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	python-XStatic-jquery-ui	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer	ruby193-rubygem-jquery-ui-rails	Will not fix
Red Hat OpenStack Platform 10 (Newton)	python-XStatic-jquery-ui	Affected
Red Hat Process Automation 7	jquery-ui	Out of support scope
Red Hat Satellite 5	jquery-ui	Affected
Red Hat Satellite 6	ruby193-rubygem-jquery-ui-rails	Affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	python-XStatic-jquery-ui	Fixed	RHSA-2017:0161	19.01.2017
Red Hat OpenStack Platform 8.0 (Liberty)	python-XStatic-jquery-ui	Fixed	RHSA-2016:2932	08.12.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1360286jquery-ui: cross-site scripting in dialog closeText

EPSS

Процентиль: 80%

0.01397

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-7103

CVSS3: 6.1

ubuntu

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVE-2016-7103

CVSS3: 6.1

nvd

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVE-2016-7103

CVSS3: 6.1

debian

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...

GHSA-hpcf-8vf9-q4gj

CVSS3: 6.1

github

больше 8 лет назад

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText

BDU:2021-02617

CVSS3: 6.1

fstec

почти 9 лет назад

Уязвимость библиотеки jQuery UI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку

EPSS

Процентиль: 80%

0.01397

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2