CVE-2010-5312

MEDIUM

jQuery UI <1.10.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

References (19)

Core References
Exploit, Vendor Advisory
http://bugs.jqueryui.com/ticket/6016
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-0442.html
Third Party Advisory vendor-advisory
http://www.debian.org/security/2015/dsa-3249
Mailing List, Third Party Advisory mailing-list
http://seclists.org/oss-sec/2014/q4/616
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/71106
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2015-1462.html
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
Mailing List, Third Party Advisory mailing-list
http://seclists.org/oss-sec/2014/q4/613
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1037035
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

Scores

CVSS v3 6.1
EPSS 0.0593
EPSS Percentile 90.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (12)
apache/drill 1.16.0
debian/debian_linux 7.0
debian/debian_linux 9.0
drupal/drupal 7.0 - 7.86
fedoraproject/fedora 35
fedoraproject/fedora 36
jqueryui/jquery_ui < 1.10.0
netapp/snapcenter
npm/jquery-ui 1.7.0 - 1.10.0 (npm)
nuget/jQuery.UI.Combined 1.7.0 - 1.10.0 (NuGet)
... and 2 more
Published Nov 24, 2014
Tracked Since Feb 18, 2026