CVE-2012-6662

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions jQuery UI versions prior to 1.10.0

Description A cross-site scripting (XSS) issue exists in the default content option in jquery.ui.tooltip.js in the Tooltip widget. This allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Recommendations For versions prior to 1.10.0, update to version 1.10.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the title attribute in the autocomplete combo box demo until a patch is available. Restrict access to the Tooltip widget to minimize the risk of exploitation. Avoid using the title attribute in the affected widget until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CESA-2015_0442

CESA-2015_1462

CVE-2012-6662

GHSA-QQXP-XP9V-VVX6

RHSA-2015:0442

RHSA-2015:1462

RHSA-2015_0442

RHSA-2015_1462

Affected Products

Centos

Red Hat

Jquery Ui

CVE-2012-6662

Weakness Enumeration

Related Identifiers

Affected Products

References · 27