PT-2014-2103 · Jquery+2 · Jquery Ui+2

Jzaefferer · Published 2014-11-24 · Updated 2025-06-17 · CVE-2010-5312

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

jqueryui versions prior to 1.10.0
jqueryui version 1.8.ooops.21+dfsg-2+deb7u2
jqueryui version 1.10.1+dfsg-1

Description

A cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

Recommendations

For versions prior to 1.10.0, upgrade to version 1.10.0 or later.
For version 1.8.ooops.21+dfsg-2+deb7u2, this version has already fixed the issue.
For version 1.10.1+dfsg-1, this version has already fixed the issue.
As a temporary workaround, consider disabling the use of the title option in the Dialog widget until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CESA-2015_0442
CESA-2015_1462
CVE-2010-5312
DLA-258-1
DLA-2889-1
DSA-3249-1
DSA-3249-2
GHSA-WCM2-9C89-WMFM
MGASA-2014-0559
RHSA-2015:0442
RHSA-2015:1462
RHSA-2015_0442
RHSA-2015_1462

Affected Products

CentOS
Red Hat
jQuery UI