Search CVE reports
1 – 10 of 16 results
CVE-2022-48197
Medium priority** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE:...
3 affected packages
maas, yui, yui3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
maas | — | Not in release | Not affected | Not affected | Not affected |
yui | — | Not in release | Not in release | Not in release | Needs evaluation |
yui3 | — | Not in release | Not affected | Not affected | Not affected |
CVE-2022-31160
Medium prioritySome fixes available 3 of 4
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an...
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | Not affected | Fixed | Fixed | Fixed | Not affected |
CVE-2021-41184
Medium prioritySome fixes available 2 of 4
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI...
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | Not affected | Fixed | Fixed | Not affected |
CVE-2021-41183
Medium prioritySome fixes available 4 of 7
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | Not affected | Fixed | Fixed | Fixed |
CVE-2021-41182
Medium prioritySome fixes available 4 of 7
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | Not affected | Fixed | Fixed | Fixed |
CVE-2016-7103
Medium prioritySome fixes available 2 of 6
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | Not affected | Not affected | Not affected | Fixed |
CVE-2012-6662
Medium priorityCross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title...
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | — | — | — | — |
CVE-2010-5312
Medium priorityCross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
1 affected package
jqueryui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jqueryui | — | — | — | — | Not affected |
CVE-2013-6780
Medium priorityCross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
3 affected packages
maas, yui, yui3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
maas | — | — | — | — | Not affected |
yui | — | — | — | — | Not affected |
yui3 | — | — | — | — | Not affected |
CVE-2012-5883
Medium priorityCross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows...
2 affected packages
maas, yui
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
maas | — | — | — | Not affected | Not affected |
yui | — | — | — | Not in release | Not affected |