CVE-2016-7103
jquery-ui: cross-site scripting in dialog closeText
Severity Score: 6.1 (CVSS v3.1)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross-site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
*Credits:
N/A
Timeline
- 2016-08-27 CVE Reserved
- 2016-12-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (30)
URL | Date | SRC |
---|---|---|
https://github.com/jquery/api.jqueryui.com/issues/281 | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jqueryui | Jquery Ui | >= 1.10.0 <= 1.11.4 | - | Affected |
Oracle | Application Express | < 19.1 | - | Affected |
Oracle | Business Intelligence | 12.2.1.3.0 | enterprise | Affected |
Oracle | Business Intelligence | 12.2.1.4.0 | enterprise | Affected |
Oracle | Hospitality Cruise Fleet Management | 9.0.11 | - | Affected |
Oracle | Oss Support Tools | < 2.12.42 | - | Affected |
Oracle | Oss Support Tools | 2.12.42 | - | Affected |
Oracle | Primavera Unifier | >= 16.0 <= 16.2 | - | Affected |
Oracle | Primavera Unifier | >= 17.0 <= 17.12.4 | - | Affected |
Oracle | Primavera Unifier | >= 18.0 <= 18.8.4 | - | Affected |
Oracle | Siebel Ui Framework | <= 21.2 | - | Affected |
Oracle | Weblogic Server | 10.3.6.0.0 | - | Affected |
Oracle | Weblogic Server | 12.1.3.0.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.3.0 | - | Affected |
Fedoraproject | Fedora | 30 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Netapp | Snapcenter | - | - | Affected |
Redhat | Openstack | 7.0 | - | Affected |
Redhat | Openstack | 8 | - | Affected |
Redhat | Openstack | 9 | - | Affected |
Juniper | Junos | 21.2 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |