Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6662

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Published

2014-11-24T16:59:01.993

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_hpc_node	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	jqueryui	jquery_ui	1.10.0	Yes

References

http://bugs.jqueryui.com/ticket/8859 Issue Tracking, Vendor Advisory ([email protected])
http://bugs.jqueryui.com/ticket/8861 Issue Tracking, Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0442.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1462.html ([email protected])
http://seclists.org/oss-sec/2014/q4/613 Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/oss-sec/2014/q4/616 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/71107 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697 ([email protected])
https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde Issue Tracking, Patch, Third Party Advisory ([email protected])
https://github.com/jquery/jquery/issues/2432 ([email protected])
http://bugs.jqueryui.com/ticket/8859 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.jqueryui.com/ticket/8861 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0442.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1462.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2014/q4/613 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2014/q4/616 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/71107 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/jquery/jquery/issues/2432 (af854a3a-2127-422b-91ae-364da2661108)