Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Permalink: https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: about 1 year ago


EPSS Percentage: 0.0019
EPSS Percentile: 0.56513

Identifiers: GHSA-qqxp-xp9v-vvx6, CVE-2012-6662
References: Repository: https://github.com/jquery/jquery
Blast Radius: 1.0

Affected Packages

nuget:jQuery.UI.Combined
Dependent packages: 27
Dependent repositories: 0
Downloads: 49,673,007 total
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions: 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.8.19, 1.8.20, 1.8.21, 1.8.22, 1.8.23, 1.8.24, 1.9.0, 1.9.1, 1.9.2
All unaffected versions: 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.1

maven:org.webjars.npm:jquery-ui
Dependent packages: 20
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions:
All unaffected versions: 1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1

rubygems:jquery-ui-rails
Dependent packages: 311
Dependent repositories: 43,038
Downloads: 76,915,434 total
Affected Version Ranges: < 4.0.0
Fixed in: 4.0.0
All affected versions: 0.0.1, 0.0.2, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 1.0.0, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 6.0.0, 6.0.1, 7.0.0

npm:jquery-ui
Dependent packages: 788
Dependent repositories: 21,377
Downloads: 2,326,315 last month
Affected Version Ranges: < 1.10.0
Fixed in: 1.10.0
All affected versions:
All unaffected versions: 1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1