CVE-2012-6662

Published: 24 November 2014

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Priority

Status

Package	Release	Status
jqueryui Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (1.10.1+dfsg-1)
	upstream	Needs triage
	utopic	Not vulnerable (1.10.1+dfsg-1)
	Patches: upstream: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

References

https://www.cve.org/CVERecord?id=CVE-2012-6662
NVD
Launchpad
Debian

Bugs

http://bugs.jqueryui.com/ticket/8861

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›