PT-2014-2103 · Jquery+2 · Jquery Ui+2
Jzaefferer · Published 2014-11-24 · Updated 2025-06-17 · CVE-2010-5312
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
jqueryui versions prior to 1.10.0
jqueryui version 1.8.ooops.21+dfsg-2+deb7u2
jqueryui version 1.10.1+dfsg-1
Description
A cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.
Recommendations
For versions prior to 1.10.0, upgrade to version 1.10.0 or later.
For version 1.8.ooops.21+dfsg-2+deb7u2, this version has already fixed the issue.
For version 1.10.1+dfsg-1, this version has already fixed the issue.
As a temporary workaround, consider disabling the use of the title option in the Dialog widget until a patch is available.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Centos
Red Hat
Jquery Ui
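For pages that cannot upgrade immediately, the guard below applies the Recommendations above before options reach the Dialog widget. It is an added example, not code from this advisory or from jQuery UI; `safeDialogOptions`, `isAffected`, `parseVersion` and `escapeHtml` are hypothetical helper names, and the sample title is constructed.

```javascript
// Added example; helper names are hypothetical, not jQuery UI API.
// uiVersion is assumed to be the upstream version string exposed as $.ui.version.
const FIXED = [1, 10, 0]; // first release with the fix, per the advisory

// "1.9.2" -> [1, 9, 2]; missing or non-numeric components count as 0.
function parseVersion(v) {
  const nums = String(v).split(".").map((p) => parseInt(p, 10) || 0);
  while (nums.length < 3) nums.push(0);
  return nums.slice(0, 3);
}

// True when the upstream version is older than 1.10.0. The advisory lists
// distribution builds as fixed that carry an older upstream number, so for
// those check the package version instead of relying on this comparison.
function isAffected(uiVersion) {
  const v = parseVersion(uiVersion);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;
}

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Returns a copy of opts for .dialog(). On affected releases the title is either
// dropped (mode "drop", the workaround in the advisory) or HTML-escaped so that it
// renders as text. Fixed releases treat the title as text already, so escaping
// there would double-encode; the options pass through unchanged.
function safeDialogOptions(opts, uiVersion, mode = "escape") {
  const out = Object.assign({}, opts);
  if (!isAffected(uiVersion) || out.title == null) return out;
  if (mode === "drop") delete out.title;
  else out.title = escapeHtml(out.title);
  return out;
}

// Usage in a page: $("#dlg").dialog(safeDialogOptions(opts, $.ui.version));
```
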