Jquery Ui Jqueryui Jquery Ui

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Jqueryui Jquery Ui.

By the Year

In 2024 there have been 0 vulnerabilities in Jqueryui Jquery Ui . Jquery Ui did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 6.10
2021 3 6.10
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Jquery Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jqueryui Jquery Ui Security Vulnerabilities

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery

CVE-2022-31160 6.1 - Medium - July 20, 2022

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.

XSS

jQuery-UI is the official jQuery user interface library

CVE-2021-41184 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

XSS

jQuery-UI is the official jQuery user interface library

CVE-2021-41183 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

XSS

jQuery-UI is the official jQuery user interface library

CVE-2021-41182 6.1 - Medium - October 26, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

XSS

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might

CVE-2016-7103 6.1 - Medium - March 15, 2017

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

XSS

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0

CVE-2010-5312 6.1 - Medium - November 24, 2014

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jqueryui Jquery Ui or by Jqueryui? Click the Watch button to subscribe.

Jqueryui
Vendor

subscribe