Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
Permalink: https://github.com/advisories/GHSA-qqxp-xp9v-vvx6JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 6 years ago
Updated: 6 months ago
Identifiers: GHSA-qqxp-xp9v-vvx6, CVE-2012-6662
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-6662
- https://github.com/jquery/jquery/issues/2432
- https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
- https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
- https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
- http://bugs.jqueryui.com/ticket/8859
- http://bugs.jqueryui.com/ticket/8861
- http://rhn.redhat.com/errata/RHSA-2015-0442.html
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
- http://seclists.org/oss-sec/2014/q4/613
- http://seclists.org/oss-sec/2014/q4/616
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml
Blast Radius: 1.0
Affected Packages
nuget:jQuery.UI.Combined
Dependent packages: 0Dependent repositories: 0
Downloads: 45,318,458 total
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions: 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.8.19, 1.8.20, 1.8.21, 1.8.22, 1.8.23, 1.8.24, 1.9.0, 1.9.1, 1.9.2
All unaffected versions: 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2
maven:org.webjars.npm:jquery-ui
Dependent packages: 20Dependent repositories: 1
Downloads:
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions:
All unaffected versions: 1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2
rubygems:jquery-ui-rails
Dependent packages: 310Dependent repositories: 43,038
Downloads: 71,149,005 total
Affected Version Ranges: < 4.0.0
Fixed in: 4.0.0
All affected versions: 0.0.1, 0.0.2, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 1.0.0, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 6.0.0, 6.0.1, 7.0.0
npm:jquery-ui
Dependent packages: 788Dependent repositories: 21,377
Downloads: 2,213,093 last month
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions:
All unaffected versions: 1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2