Jzaefferer

**Name of the Vulnerable Software and Affected Versions** jqueryui versions prior to 1.10.0 jqueryui version 1.8.ooops.21+dfsg-2+deb7u2 jqueryui version 1.10.1+dfsg-1 **Description** A cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the `title` option. This would allow a remote attacker to inject arbitrary code through cross-site scripting. **Recommendations** For versions prior to 1.10.0, upgrade to version 1.10.0 or later. For version 1.8.ooops.21+dfsg-2+deb7u2, this version has already fixed the issue. For version 1.10.1+dfsg-1, this version has already fixed the issue. As a temporary workaround, consider disabling the use of the `title` option in the Dialog widget until a patch is available.