CVE-2021-41183

Опубликовано: 26 окт. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 6.5

Описание

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	not-affected	1.13.2+dfsg-1
esm-apps/bionic	released	1.12.1+dfsg-5ubuntu0.18.04.1~esm3
esm-apps/focal	released	1.12.1+dfsg-5ubuntu0.20.04.1
esm-apps/jammy	not-affected	1.13.1+dfsg-1
esm-apps/xenial	released	1.10.1+dfsg-1ubuntu0.16.04.1~esm1
esm-infra-legacy/trusty	not-affected	1.10.1+dfsg-1ubuntu0.14.04.1~esm1
focal	released	1.12.1+dfsg-5ubuntu0.20.04.1
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-41183

CVSS3: 6.5

redhat

больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

CVE-2021-41183

CVSS3: 6.5

nvd

больше 3 лет назад

CVE-2021-41183

CVSS3: 6.5

debian

больше 3 лет назад

jQuery-UI is the official jQuery user interface library. Prior to vers ...

GHSA-j7qv-pgf6-hvh4

CVSS3: 6.5

github

больше 3 лет назад

XSS in `*Text` options of the Datepicker widget in jquery-ui

4.3 Medium

CVSS2

6.5 Medium

CVSS3

CVE-2021-41183

Описание

Пакет jqueryui

Ссылки на источники

Связанные уязвимости