CVE-2010-5312
Published: 24 November 2014
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
jqueryui Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| upstream |
Needed
|
|
| utopic |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| vivid |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| wily |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| xenial |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| yakkety |
Not vulnerable
(1.10.1+dfsg-1)
|
|
| zesty |
Not vulnerable
(1.10.1+dfsg-1)
|
|
|
Patches: upstream: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.1 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |