github - GHSA-hpcf-8vf9-q4gj

GHSA-hpcf-8vf9-q4gj

Vulnerability from github

Published

2017-10-24 18:33

Modified

2023-01-26 23:02

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText

Details

Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function.

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Recommendation

Upgrade to jQuery-UI 1.12.0 or later.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jquery-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "jquery-ui-rails"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars.npm:jquery-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "jQuery.UI.Combined"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-7103"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:40:44Z",
    "nvd_published_at": "2017-03-15T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Affected versions of `jquery-ui` are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the `closeText` parameter in the `dialog` function. \n\njQuery-UI is a library for manipulating UI elements via jQuery.\n\nVersion 1.11.4 has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog`  function.  If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.\n\n\n## Recommendation\n\nUpgrade to jQuery-UI 1.12.0 or later.",
  "id": "GHSA-hpcf-8vf9-q4gj",
  "modified": "2023-01-26T23:02:07Z",
  "published": "2017-10-24T18:33:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7103"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jquery/jquery-ui/pull/1622"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jquery-ui-rails/jquery-ui-rails/commit/d504a40538fe5f7998439ad2f8fc5c4a1f843f1c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190416-0007"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227030100/http://www.securityfocus.com/bid/104823"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-core-2022-002"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://jqueryui.com/changelog/1.12.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2016-7103.yml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jquery/jquery-ui"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "jQuery-UI vulnerable to Cross-site Scripting in dialog closeText"
}

cve-2016-7103

Vulnerability from cvelistv5

Published

2017-03-15 00:00

Modified

2024-08-06 01:50

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

References

▼	URL	Tags
	http://rhn.redhat.com/errata/RHSA-2017-0161.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2933.html	vendor-advisory
	http://rhn.redhat.com/errata/RHSA-2016-2932.html	vendor-advisory
	http://www.securityfocus.com/bid/104823	vdb-entry
	https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/	vendor-advisory
	https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E	mailing-list
	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E	mailing-list
	https://www.oracle.com/security-alerts/cpuapr2020.html
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
	https://www.oracle.com/security-alerts/cpuApr2021.html
	https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
	https://github.com/jquery/api.jqueryui.com/issues/281
	https://nodesecurity.io/advisories/127
	https://www.tenable.com/security/tns-2016-19
	https://jqueryui.com/changelog/1.12.0/
	https://security.netapp.com/advisory/ntap-20190416-0007/
	https://www.oracle.com//security-alerts/cpujul2021.html
	https://www.oracle.com/security-alerts/cpujan2022.html
	https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html	mailing-list
	https://www.drupal.org/sa-core-2022-002
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/	vendor-advisory

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0161",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
          },
          {
            "name": "RHSA-2016:2933",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
          },
          {
            "name": "RHSA-2016:2932",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
          },
          {
            "name": "104823",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104823"
          },
          {
            "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-a96124345a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
          },
          {
            "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodesecurity.io/advisories/127"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jqueryui.com/changelog/1.12.0/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2022-002"
          },
          {
            "name": "FEDORA-2022-9d655503ea",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
          },
          {
            "name": "FEDORA-2022-bf18450366",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-03T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2017:0161",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
        },
        {
          "name": "RHSA-2016:2933",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
        },
        {
          "name": "RHSA-2016:2932",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
        },
        {
          "name": "104823",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/104823"
        },
        {
          "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-a96124345a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
        },
        {
          "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
        },
        {
          "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
        },
        {
          "url": "https://nodesecurity.io/advisories/127"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-19"
        },
        {
          "url": "https://jqueryui.com/changelog/1.12.0/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
        },
        {
          "url": "https://www.drupal.org/sa-core-2022-002"
        },
        {
          "name": "FEDORA-2022-9d655503ea",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
        },
        {
          "name": "FEDORA-2022-bf18450366",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7103",
    "datePublished": "2017-03-15T00:00:00",
    "dateReserved": "2016-08-27T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

gsd-2016-7103

Vulnerability from gsd

Modified

2016-08-27 00:00

Details

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Aliases

CVE-2016-7103

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7103",
    "description": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
    "id": "GSD-2016-7103",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7103.html",
      "https://access.redhat.com/errata/RHSA-2017:0161",
      "https://access.redhat.com/errata/RHSA-2016:2933",
      "https://access.redhat.com/errata/RHSA-2016:2932"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "jquery-ui-rails",
            "purl": "pkg:gem/jquery-ui-rails"
          }
        }
      ],
      "aliases": [
        "CVE-2016-7103",
        "GHSA-hpcf-8vf9-q4gj"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might\nallow remote attackers to inject arbitrary web script or HTML via the\ncloseText parameter of the dialog function.\n",
      "id": "GSD-2016-7103",
      "modified": "2016-08-27T00:00:00.000Z",
      "published": "2016-08-27T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jquery/jquery-ui/pull/1635"
        },
        {
          "type": "WEB",
          "url": "https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/History.md#600"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        },
        {
          "score": 6.1,
          "type": "CVSS_V3"
        }
      ],
      "summary": "XSS Vulnerability on closeText option of Dialog jQuery UI"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-7103",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "?",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "https://nodesecurity.io/advisories/127",
            "refsource": "MISC",
            "url": "https://nodesecurity.io/advisories/127"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "https://github.com/jquery/api.jqueryui.com/issues/281",
            "refsource": "MISC",
            "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
          },
          {
            "name": "https://www.drupal.org/sa-core-2022-002",
            "refsource": "MISC",
            "url": "https://www.drupal.org/sa-core-2022-002"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2017-0161.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-2933.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-2932.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/104823",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/104823"
          },
          {
            "name": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
          },
          {
            "name": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
            "refsource": "MISC",
            "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
          },
          {
            "name": "https://www.tenable.com/security/tns-2016-19",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/tns-2016-19"
          },
          {
            "name": "https://jqueryui.com/changelog/1.12.0/",
            "refsource": "MISC",
            "url": "https://jqueryui.com/changelog/1.12.0/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190416-0007/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2016-7103",
      "cvss_v2": 4.3,
      "cvss_v3": 6.1,
      "date": "2016-08-27",
      "description": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might\nallow remote attackers to inject arbitrary web script or HTML via the\ncloseText parameter of the dialog function.\n",
      "framework": "rails",
      "gem": "jquery-ui-rails",
      "ghsa": "hpcf-8vf9-q4gj",
      "patched_versions": [
        "\u003e= 6.0.0"
      ],
      "related": {
        "url": [
          "https://github.com/jquery/jquery-ui/pull/1635",
          "https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/History.md#600"
        ]
      },
      "title": "XSS Vulnerability on closeText option of Dialog jQuery UI",
      "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c6.0.0",
          "affected_versions": "All versions before",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-08-04",
          "description": "Cross-site scripting (XSS) vulnerability in jQuery UI might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
          "fixed_versions": [
            "6.0.0"
          ],
          "identifier": "CVE-2016-7103",
          "identifiers": [
            "CVE-2016-7103"
          ],
          "not_impacted": "All versions starting from 6.0.0",
          "package_slug": "gem/jquery-ui-rails",
          "pubdate": "2017-03-15",
          "solution": "Upgrade to version 6.0.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-7103"
          ],
          "uuid": "c9c5a279-b139-4e0e-b14c-8bc42b6bb374"
        },
        {
          "affected_range": "\u003c1.12.0",
          "affected_versions": "All versions before 1.12.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-02-08",
          "description": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
          "fixed_versions": [
            "1.12.0"
          ],
          "identifier": "CVE-2016-7103",
          "identifiers": [
            "GHSA-hpcf-8vf9-q4gj",
            "CVE-2016-7103"
          ],
          "not_impacted": "All versions starting from 1.12.0",
          "package_slug": "npm/jquery-ui",
          "pubdate": "2017-10-24",
          "solution": "Upgrade to version 1.12.0 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-7103",
            "https://github.com/jquery/jquery-ui/pull/1622",
            "https://github.com/advisories/GHSA-hpcf-8vf9-q4gj",
            "https://www.npmjs.com/advisories/127",
            "https://github.com/jquery/api.jqueryui.com/issues/281",
            "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
            "https://jqueryui.com/changelog/1.12.0/",
            "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E",
            "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
            "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/",
            "https://nodesecurity.io/advisories/127",
            "https://security.netapp.com/advisory/ntap-20190416-0007/",
            "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            "https://www.tenable.com/security/tns-2016-19",
            "http://rhn.redhat.com/errata/RHSA-2016-2932.html",
            "http://rhn.redhat.com/errata/RHSA-2016-2933.html",
            "http://rhn.redhat.com/errata/RHSA-2017-0161.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.securityfocus.com/bid/104823",
            "https://www.oracle.com//security-alerts/cpujul2021.html",
            "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html",
            "https://www.drupal.org/sa-core-2022-002",
            "https://www.oracle.com/security-alerts/cpujan2022.html"
          ],
          "uuid": "234476f6-380e-49d0-a146-99ccd3af06ca"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.11.4",
                "versionStartIncluding": "1.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.2",
                "versionStartIncluding": "16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12.4",
                "versionStartIncluding": "17.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.8.4",
                "versionStartIncluding": "18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "21.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.12.42",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7103"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodesecurity.io/advisories/127",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://nodesecurity.io/advisories/127"
            },
            {
              "name": "https://jqueryui.com/changelog/1.12.0/",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://jqueryui.com/changelog/1.12.0/"
            },
            {
              "name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
            },
            {
              "name": "https://github.com/jquery/api.jqueryui.com/issues/281",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jquery/api.jqueryui.com/issues/281"
            },
            {
              "name": "RHSA-2017:0161",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-19",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2016-19"
            },
            {
              "name": "RHSA-2016:2933",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
            },
            {
              "name": "RHSA-2016:2932",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "104823",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104823"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0007/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.drupal.org/sa-core-2022-002",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.drupal.org/sa-core-2022-002"
            },
            {
              "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
            },
            {
              "name": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
            },
            {
              "name": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
            },
            {
              "name": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-06-22T19:50Z",
      "publishedDate": "2017-03-15T16:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

GHSA-hpcf-8vf9-q4gj

Vulnerability from github

Recommendation

cve-2016-7103

Vulnerability from cvelistv5

gsd-2016-7103

Vulnerability from gsd

Tags

Sightings

Nomenclature