CVE-2021-41183

Date: October 25, 2021

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various "*Text" options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various "*Text" options are now always treated as pure text, not HTML. A workaround is to not accept the value of the "*Text" options from untrusted sources.
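The workaround described above, as an added example that is not code from jQuery UI or from this advisory: Datepicker options that arrive from an untrusted source are filtered so that every "*Text" option comes only from application-defined defaults. The names `buildDatepickerOptions`, `trustedDefaults`, `untrustedJson` and the sample input are hypothetical.

```javascript
// Option names ending in "Text" (closeText, prevText, nextText, currentText,
// buttonText, appendText) match the advisory's "*Text" pattern.
const TEXT_OPTION = /Text$/;
// Keys that must never be copied from parsed JSON onto a plain object.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// trustedDefaults: labels defined in application code (trusted).
// untrustedJson: JSON string from a request, URL or stored user setting.
// Both parameter names are assumptions made for this example.
function buildDatepickerOptions(trustedDefaults, untrustedJson) {
  let untrusted;
  try {
    untrusted = JSON.parse(untrustedJson);
  } catch (err) {
    untrusted = null; // unparsable input: use the trusted defaults only
  }
  const options = { ...trustedDefaults };
  const rejected = [];
  if (untrusted === null || typeof untrusted !== "object" || Array.isArray(untrusted)) {
    return { options, rejected };
  }
  for (const [key, value] of Object.entries(untrusted)) {
    if (TEXT_OPTION.test(key) || UNSAFE_KEYS.has(key)) {
      rejected.push(key); // keep the name for logging, discard the value
      continue;
    }
    options[key] = value;
  }
  return { options, rejected };
}

// Constructed sample input, as it might arrive from a user preference store.
const sampleInput = JSON.stringify({
  dateFormat: "yy-mm-dd",
  closeText: "<i>untrusted markup</i>",
  prevText: "<i>untrusted markup</i>",
});
const result = buildDatepickerOptions({ closeText: "Done", prevText: "Prev" }, sampleInput);
console.log(result.options, result.rejected);
// In the page: $("#date").datepicker(result.options);
```

The filter covers only the "*Text" options named in this advisory; upgrading to jQuery UI 1.13.0 remains the fix.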

Language: JS

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version jQuery.UI.Combined - 1.13.0; jquery-ui - 1.13.0; jquery-ui-rails - 7.0.0; org.webjars.npm:jquery-ui:1.13.0

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE