Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-30875

Опубликовано: 17 окт. 2024
Источник: redhat
CVSS3: 6.1
EPSS Средний

Описание

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.

A Cross-site scripting (XSS) vulnerability was found in the jquery-ui library. If a user visits a malicious website, a remote attacker may be able to obtain sensitive information and execute arbitrary code via a specially crafted payload to the window.addEventListener component.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-system-containerNot affected
Red Hat Enterprise Linux 8pcsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2319549jquery-ui: XSS via window.addEventListener

EPSS

Процентиль: 95%
0.1678
Средний

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-30875

CVSS3: 7.1
nvd
больше 1 года назад

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.

debian логотип

CVE-2024-30875

CVSS3: 7.1
debian
больше 1 года назад

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1 ...

github логотип

GHSA-g4r7-cj36-63v3

CVSS3: 7.1
github
больше 1 года назад

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component.

fstec логотип

BDU:2024-08727

CVSS3: 7.1
fstec
больше 1 года назад

Уязвимость JavaScript-библиотеки jQuery UI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку

EPSS

Процентиль: 95%
0.1678
Средний

6.1 Medium

CVSS3