An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt

Severity: Moderate
EPSS: 0.02975% (0.86054 Percentile)

Cross-site Scripting in jquery-ui

Affected Packages

rubygems:jquery-ui-rails
PURL: pkg:gem/jquery-ui-rails
Affected Versions: < 4.0.0
Fixed Versions: 4.0.0
311 Dependent packages
43,038 Dependent repositories
83,434,570 Downloads total

Affected Version Ranges

All affected versions

0.0.1, 0.0.2, 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 1.0.0, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 6.0.0, 6.0.1, 7.0.0, 8.0.0

nuget:jQuery.UI.Combined
PURL: pkg:nuget/jQuery.UI.Combined
Affected Versions: >= 1.7.0, < 1.10.0
Fixed Versions: 1.10.0
27 Dependent packages
0 Dependent repositories
55,331,714 Downloads total

Affected Version Ranges

All affected versions

1.8.20.1, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.8.19, 1.8.20, 1.8.21, 1.8.22, 1.8.23, 1.8.24, 1.9.0, 1.9.0-RC1, 1.9.1, 1.9.2

All unaffected versions

1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.1

maven:org.webjars.npm:jquery-ui
Affected Versions: >= 1.7.0, < 1.10.0
Fixed Versions: 1.10.0
20 Dependent packages
1 Dependent repository

Affected Version Ranges

All affected versions

All unaffected versions

1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1

npm:jquery-ui
PURL: pkg:npm/jquery-ui
Affected Versions: >= 1.7.0, < 1.10.0
Fixed Versions: 1.10.0
788 Dependent packages
21,377 Dependent repositories
2,574,000 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

1.10.4, 1.10.5, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.14.0, 1.14.1

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

References: