CVE-2010-5312
jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Public Exploits: 1
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. Note: The IdM version provided by this update no longer uses jQuery. The ipa-server-install, ipa-replica-install, and ipa-client-install utilities are not supported on machines running in FIPS-140 mode. Previously, IdM did not warn users about this. Now, IdM does not allow running the utilities in FIPS-140 mode, and displays an explanatory message.
Timeline
- 2014-11-14 CVE Reserved
- 2014-11-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (21)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2014/q4/613 | Mailing List | |
http://seclists.org/oss-sec/2014/q4/616 | Mailing List | |
http://www.securityfocus.com/bid/71106 | Broken Link | |
http://www.securitytracker.com/id/1037035 | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696 | Third Party Advisory | |
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | Mailing List | |
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | Mailing List | |
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | Mailing List | |
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20190416-0007 | Third Party Advisory | |
https://www.drupal.org/sa-core-2022-002 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://bugs.jqueryui.com/ticket/6016 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | 2023-06-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Debian | Debian Linux | 7.0 | - | Affected |
Jqueryui | Jquery Ui | < 1.10.0 | jquery | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Netapp | Snapcenter | - | - | Affected |
Apache | Drill | 1.16.0 | - | Affected |
Drupal | Drupal | >= 7.0 < 7.86 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |