PT-2017-4095 · jQuery · jQuery UI

Published: 2017-03-15 · Updated: 2025-06-17 · CVE-2016-7103

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

jQuery UI versions prior to 1.12.0

Description

A cross-site scripting (XSS) issue might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. The underlying weakness is a failure to preserve the structure of the web page. If an application passes user input to the closeText parameter, it may be vulnerable to XSS via this attack vector.

Recommendations

Upgrade to jQuery UI 1.12.0 or later. As a temporary workaround, consider restricting the use of the closeText parameter in the dialog function to minimize the risk of exploitation. Avoid passing arbitrary user input to the closeText parameter until the issue is resolved.
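
One way to apply the temporary workaround while an application is still on a release older than 1.12.0, as an added example that is not part of this advisory or of jQuery UI. The function names are hypothetical, and the code assumes that affected releases insert closeText into the page as HTML while 1.12.0 and later need no escaping by the caller.

```javascript
// Added example (not jQuery UI code): neutralise closeText before it reaches
// dialog() on releases older than 1.12.0.
// ASSUMPTION: affected releases render closeText as HTML; fixed releases do not.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace the characters that can change the structure of an HTML page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True when the version is older than 1.12.0. Anything that is not a plain
// "x.y.z" string (pre-releases, missing value) is treated as affected, which
// at worst shows escaped text on a release that did not need it.
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version));
  if (!m) return true;
  const major = Number(m[1]);
  const minor = Number(m[2]);
  return major < 1 || (major === 1 && minor < 12);
}

// Return a copy of the dialog options with closeText escaped when the loaded
// jQuery UI release is affected. Other options are passed through unchanged.
function hardenDialogOptions(uiVersion, options) {
  const hardened = Object.assign({}, options);
  if (hardened.closeText !== undefined && isAffectedVersion(uiVersion)) {
    hardened.closeText = escapeHtml(hardened.closeText);
  }
  return hardened;
}

// Browser usage, with $.ui.version supplying the loaded release:
//   $("#panel").dialog(hardenDialogOptions($.ui.version, { closeText: userLabel }));
```

Escaping is gated on the version so that a later upgrade to 1.12.0 or newer does not display doubly escaped text.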

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-02617
CVE-2016-7103
DLA-2889-1
GHSA-G8Q2-24JH-5HPC
GHSA-HPCF-8VF9-Q4GJ
OPENSUSE-SU-2024:11214-1
OPENSUSE-SU-2024:14131-1
RHSA-2016:2932
RHSA-2016:2933
RHSA-2017:0161
SUSE-SU-2017:2351-1
USN-6419-1

Affected Products

Debian
Junos
Linux Mint
Oracle Weblogic Server
Ubuntu
jQuery UI