CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

References

Affected packages

Debian:11 / jqueryui

Package

Name: jqueryui
Purl: pkg:deb/debian/jqueryui?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / jqueryui

Package

Name: jqueryui
Purl: pkg:deb/debian/jqueryui?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jqueryui

Package

Name: jqueryui
Purl: pkg:deb/debian/jqueryui?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / jqueryui

Package

Name: jqueryui
Purl: pkg:deb/debian/jqueryui?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/jquery/jquery-ui

Affected ranges

Type: GIT
Repo: https://github.com/jquery/jquery-ui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9644e7bae9116edaf8d37c5b38cb32b892f10ff6

Affected versions

1.*

1.5.1

1.5.2

1.6

1.6rc2

1.6rc3

1.6rc5

1.6rc6

1.7

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8a1

1.8a2

1.8b1

1.8rc1

1.8rc2

1.8rc3

1.9.0-beta.1

1.9.0m8

1.9m4

1.9m5

1.9m6

1.9m7