Количество 6
Количество 6
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to vers ...
GHSA-gpqq-952q-5327
XSS in the `of` option of the `.position()` util in jquery-ui
BDU:2023-07871
Уязвимость метода .position() библиотеки jQuery UI, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | CVSS3: 6.5 | 28% Средний | больше 3 лет назад |
 | CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | CVSS3: 6.5 | 28% Средний | больше 3 лет назад |
 | CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | CVSS3: 6.5 | 28% Средний | больше 3 лет назад |
| CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to vers ... | CVSS3: 6.5 | 28% Средний | больше 3 лет назад |
| GHSA-gpqq-952q-5327 XSS in the `of` option of the `.position()` util in jquery-ui | CVSS3: 6.5 | 28% Средний | больше 3 лет назад |
 | BDU:2023-07871 Уязвимость метода .position() библиотеки jQuery UI, позволяющая нарушителю выполнить произвольный код | CVSS3: 6.5 | 28% Средний | около 4 лет назад |
Уязвимостей на страницу