CVE-2010-5312

MEDIUM

jQuery UI <1.10.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

References (19)

Scores

CVSS v3 6.1
EPSS 0.0520
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (12)

debian/debian_linux
jqueryui/jquery_ui < 1.10.0
fedoraproject/fedora
fedoraproject/fedora
netapp/snapcenter
apache/drill
drupal/drupal < 7.86
debian/debian_linux
npm/jquery-ui < 1.10.0npm
org.webjars.npm/jquery-ui < 1.10.0Maven
nuget/jQuery.UI.Combined < 1.10.0NuGet
rubygems/jquery-ui-rails < 4.0.0RubyGems

Timeline

Published Nov 24, 2014
Tracked Since Feb 18, 2026