Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2022-31160

Medium priority

Some fixes available 3 of 4

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed Not affected
Show less packages

CVE-2021-41184

Medium priority

Some fixes available 2 of 4

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Not affected
Show less packages

CVE-2021-41183

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-41182

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed
Show less packages

CVE-2016-7103

Medium priority

Some fixes available 2 of 6

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Not affected Not affected Fixed
Show less packages

CVE-2012-6662

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui
Show less packages

CVE-2010-5312

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected
Show less packages