Search CVE reports



1 – 10 of 16 results


CVE-2022-48197

Medium priority
Needs evaluation

** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE:...

3 affected packages

maas, yui, yui3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not in release Not affected Not affected Not affected
yui Not in release Not in release Not in release Needs evaluation
yui3 Not in release Not affected Not affected Not affected

CVE-2022-31160

Medium priority

Some fixes available 3 of 4

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an...

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed Not affected

CVE-2021-41184

Medium priority

Some fixes available 2 of 4

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI...

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Not affected

CVE-2021-41183

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed

CVE-2021-41182

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed

CVE-2016-7103

Medium priority

Some fixes available 2 of 6

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Not affected Not affected Fixed

CVE-2012-6662

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title...

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui

CVE-2010-5312

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

1 affected package

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected

CVE-2013-6780

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

3 affected packages

maas, yui, yui3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected
yui Not affected
yui3 Not affected

CVE-2012-5883

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows...

2 affected packages

maas, yui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
maas Not affected Not affected
yui Not in release Not affected