Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2

Moderate EPSS: 0.06276% (0.90496 Percentile) EPSS:
Permalink JSON

jquery-ui Tooltip widget vulnerable to XSS

Affected Packages Affected Versions Fixed Versions
nuget:jQuery.UI.Combined < 1.10.0 1.10.0
27 Dependent packages
0 Dependent repositories
53,461,818 Downloads total

Affected Version Ranges

All affected versions

1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.8.19, 1.8.20, 1.8.21, 1.8.22, 1.8.23, 1.8.24, 1.9.0, 1.9.1, 1.9.2

All unaffected versions

1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.1
maven:org.webjars.npm:jquery-ui < 1.10.0 1.10.0
20 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1
rubygems:jquery-ui-rails < 4.0.0 4.0.0
311 Dependent packages
43,038 Dependent repositories
81,396,206 Downloads total

Affected Version Ranges

All affected versions

0.0.1, 0.0.2, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 1.0.0, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 6.0.0, 6.0.1, 7.0.0, 8.0.0
npm:jquery-ui < 1.10.0 1.10.0
788 Dependent packages
21,377 Dependent repositories
2,391,358 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

References:

Identifiers

GHSA-qqxp-xp9v-vvx6

CVE-2012-6662

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.06276

EPSS Percentile: 0.90496

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jquery/jquery

Date and time

Published

almost 8 years ago

Updated

over 1 year ago

API

JSON