CVE-2016-7103
MEDIUMjQuery UI < 1.12.0 - Cross-Site Scripting via Dialog closeText Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
References (28)
Core 28
Core References
Third Party Advisory, VDB Entry vendor-advisory
http://rhn.redhat.com/errata/RHSA-2017-0161.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2933.html
Third Party Advisory vendor-advisory
http://rhn.redhat.com/errata/RHSA-2016-2932.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/104823
Mailing List, Third Party Advisory mailing-list
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
Mailing List, Third Party Advisory mailing-list
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
Mailing List, Third Party Advisory mailing-list
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
Mailing List, Third Party Advisory mailing-list
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
Mailing List, Third Party Advisory mailing-list
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
Patch, Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/jquery/api.jqueryui.com/issues/281
Patch, Third Party Advisory
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
Release Notes, Vendor Advisory
https://jqueryui.com/changelog/1.12.0/
Third Party Advisory
https://nodesecurity.io/advisories/127
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190416-0007/
Third Party Advisory
https://www.drupal.org/sa-core-2022-002
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Third Party Advisory
https://www.tenable.com/security/tns-2016-19
Scores
CVSS v3
6.1
EPSS
0.0178
EPSS Percentile
82.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (25)
debian/debian_linux
9.0
fedoraproject/fedora
30
fedoraproject/fedora
35
fedoraproject/fedora
36
jqueryui/jquery_ui
1.10.0 - 1.11.4
juniper/junos
21.2
netapp/snapcenter
npm/jquery-ui
0 - 1.12.0npm
nuget/jQuery.UI.Combined
0 - 1.12.0NuGet
oracle/application_express
< 19.1
... and 15 more
Published
Mar 15, 2017
Tracked Since
Feb 18, 2026