Jquery Ui Jquery Ui

Do you want an email whenever new security vulnerabilities are reported in Jquery Ui?

By the Year

In 2021 there have been 3 vulnerabilities in Jquery Ui with an average score of 6.1 out of ten. Jquery Ui did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 3 6.10
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Jquery Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jquery Ui Security Vulnerabilities

jQuery-UI is the official jQuery user interface library

CVE-2021-41184 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

XSS

jQuery-UI is the official jQuery user interface library

CVE-2021-41183 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

XSS

jQuery-UI is the official jQuery user interface library

CVE-2021-41182 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

XSS

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might

CVE-2016-7103 6.1 - Medium - March 15, 2017

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by jQuery? Click the Watch button to subscribe.

jQuery
Vendor

Jquery Ui
Product

subscribe