PT-2014-2103 · jQuery · jQuery UI

Jzaefferer · Published 2014-11-24 · Updated 2025-06-17 · CVE-2010-5312

CVSS v3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

jqueryui versions prior to 1.10.0

jqueryui version 1.8.ooops.21+dfsg-2+deb7u2

jqueryui version 1.10.1+dfsg-1

Description:

A cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the `title` option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

Recommendations:

For versions prior to 1.10.0, upgrade to version 1.10.0 or later.

Version 1.8.ooops.21+dfsg-2+deb7u2 already contains the fix.

Version 1.10.1+dfsg-1 already contains the fix.

As a temporary workaround, consider disabling the use of the `title` option in the Dialog widget until a patch is available.
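Where the `title` option cannot be dropped, untrusted text can be HTML-escaped before it reaches the Dialog widget. The sketch below is an added example, not jQuery UI code or part of the original advisory; the function names are hypothetical, and it assumes the upstream version string (as reported by `$.ui.version`) is available and that 1.10.0 and later insert the title as text rather than HTML.

```javascript
// Added example: version-aware escaping of an untrusted Dialog title.
// All function names here are hypothetical helpers, not jQuery UI APIs.

// Parse the leading "major.minor[.patch]" of an upstream version string.
// Returns null when the string does not start with numeric major.minor.
function parseUiVersion(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(version));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// True for versions before 1.10.0, the range the advisory lists as affected.
// Unparseable versions are treated as affected (fail closed). A build with a
// backported fix that still reports an older upstream version is also
// treated as affected here.
function dialogTitleIsHtml(version) {
  const v = parseUiVersion(version);
  if (v === null) return true;
  const [major, minor] = v;
  return major < 1 || (major === 1 && minor < 10);
}

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Returns a value to pass as the Dialog `title` option. Escaping is applied
// only where the title is interpreted as HTML; escaping on a fixed version
// would show the entities literally in the title bar.
function safeDialogTitle(untrusted, uiVersion) {
  return dialogTitleIsHtml(uiVersion) ? escapeHtml(untrusted) : String(untrusted);
}

// Constructed sample input (benign markup standing in for untrusted text).
const sampleTitle = 'Order <b>#42</b> & "notes"';
console.log(safeDialogTitle(sampleTitle, "1.9.2"));
console.log(safeDialogTitle(sampleTitle, "1.10.0"));
```

In a page this would be called as `$(el).dialog({ title: safeDialogTitle(userText, $.ui.version) })`.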

Exploit

Fix

Weakness Enumeration

XSS

Related Identifiers

CESA-2015_0442
CESA-2015_1462
CVE-2010-5312
DLA-258-1
DLA-2889-1
DSA-3249-1
DSA-3249-2
GHSA-WCM2-9C89-WMFM
MGASA-2014-0559
RHSA-2015:0442
RHSA-2015:1462
RHSA-2015_0442
RHSA-2015_1462

Affected Products

CentOS
Red Hat
jQuery UI