CVE-2010-5312

medium

Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

References

https://www.drupal.org/sa-core-2022-002

https://security.netapp.com/advisory/ntap-20190416-0007/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3

https://exchange.xforce.ibmcloud.com/vulnerabilities/98696

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.debian.org/security/2015/dsa-3249

http://seclists.org/oss-sec/2014/q4/616

http://seclists.org/oss-sec/2014/q4/613

http://rhn.redhat.com/errata/RHSA-2015-1462.html

http://rhn.redhat.com/errata/RHSA-2015-0442.html

Details

Source: Mitre, NVD

Published: 2014-11-24

Updated: 2023-06-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N