Item15061: multiple cross-site scripting vulnerability in jQuery UI

pencil
Priority: Security
Current State: Closed
Released In: 2.1.7
Target Release: patch
Applies To: Extension
Component: JQueryPlugin
Branches:
Reported By: MichaelDaum
Waiting For:
Last Change By: MichaelDaum
See:

  • CVE-2021-41182: XSS in the `altField` option of the Datepicker widget in jQuery UI < 1.30.0
  • CVE-2021-41183: XSS in `*Text` options of the Datepicker widget in jQuery UI < 1.30.0
  • CVE-2021-41184: XSS in the `of` option of the `.position()` util in jQuery UI &kt; 1.30.0
  • CVE-2016-7103: XSS in closeText option of Dialog in jQuery UI < 1.12.0

The package needs to be upgraded to version 1.13.1

-- MichaelDaum - 21 Jan 2022

 

ItemTemplate edit

Summary multiple cross-site scripting vulnerability in jQuery UI
ReportedBy MichaelDaum
Codebase
SVN Range
AppliesTo Extension
Component JQueryPlugin
Priority Security
CurrentState Closed
WaitingFor
Checkins
TargetRelease patch
ReleasedIn 2.1.7
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins
Topic revision: r3 - 28 Mar 2022, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy