Описание
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.13.2+dfsg-1 |
| esm-apps/bionic | released | 1.12.1+dfsg-5ubuntu0.18.04.1~esm3 |
| esm-apps/focal | released | 1.12.1+dfsg-5ubuntu0.20.04.1 |
| esm-apps/jammy | not-affected | 1.13.1+dfsg-1 |
| esm-apps/xenial | released | 1.10.1+dfsg-1ubuntu0.16.04.1~esm1 |
| esm-infra-legacy/trusty | released | 1.10.1+dfsg-1ubuntu0.14.04.1~esm1 |
| focal | released | 1.12.1+dfsg-5ubuntu0.20.04.1 |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to vers ...
XSS in `*Text` options of the Datepicker widget in jquery-ui
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3