PT-2014-2424 · Jquery+2 · Jquery Ui+2

Homakov

Publicado

2014-11-24

Atualizado

2025-06-17

CVE-2012-6662

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions jQuery UI versions prior to 1.10.0

Description A cross-site scripting (XSS) issue exists in the default content option in jquery.ui.tooltip.js in the Tooltip widget. This allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Recommendations For versions prior to 1.10.0, update to version 1.10.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the title attribute in the autocomplete combo box demo until a patch is available. Restrict access to the Tooltip widget to minimize the risk of exploitation. Avoid using the title attribute in the affected widget until the issue is resolved.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CESA-2015_0442

CESA-2015_1462

CVE-2012-6662

GHSA-QQXP-XP9V-VVX6

RHSA-2015:0442

RHSA-2015:1462

RHSA-2015_0442

RHSA-2015_1462

Produtos afetados

Centos

Red Hat

Jquery Ui

PT-2014-2424 · Jquery+2 · Jquery Ui+2

CVE-2012-6662

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27