jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
2021-10-26T15:15:10.387
2024-11-21T06:25:42.137
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jqueryui | jquery_ui | < 1.13.0 | Yes |
| Operating System | fedoraproject | fedora | 33 | Yes |
| Operating System | fedoraproject | fedora | 34 | Yes |
| Operating System | fedoraproject | fedora | 35 | Yes |
| Operating System | fedoraproject | fedora | 36 | Yes |
| Operating System | netapp | h300s_firmware | - | Yes |
| Hardware | netapp | h300s | - | No |
| Operating System | netapp | h500s_firmware | - | Yes |
| Hardware | netapp | h500s | - | No |
| Operating System | netapp | h700s_firmware | - | Yes |
| Hardware | netapp | h700s | - | No |
| Operating System | netapp | h300e_firmware | - | Yes |
| Hardware | netapp | h300e | - | No |
| Operating System | netapp | h500e_firmware | - | Yes |
| Hardware | netapp | h500e | - | No |
| Operating System | netapp | h700e_firmware | - | Yes |
| Hardware | netapp | h700e | - | No |
| Operating System | netapp | h410s_firmware | - | Yes |
| Hardware | netapp | h410s | - | No |
| Operating System | netapp | h410c_firmware | - | Yes |
| Hardware | netapp | h410c | - | No |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Application | drupal | drupal | < 7.86 | Yes |
| Application | drupal | drupal | < 9.2.11 | Yes |
| Application | drupal | drupal | < 9.3.3 | Yes |
| Application | oracle | agile_plm | 9.3.6 | Yes |
| Application | oracle | application_express | < 22.1.1 | Yes |
| Application | oracle | banking_platform | 2.9.0 | Yes |
| Application | oracle | banking_platform | 2.12.0 | Yes |
| Application | oracle | big_data_spatial_and_graph | < 23.1 | Yes |
| Application | oracle | big_data_spatial_and_graph | 23.1 | Yes |
| Application | oracle | communications_interactive_session_recorder | 6.4 | Yes |
| Application | oracle | communications_operations_monitor | 4.3 | Yes |
| Application | oracle | communications_operations_monitor | 4.4 | Yes |
| Application | oracle | communications_operations_monitor | 5.0 | Yes |
| Application | oracle | hospitality_inventory_management | 9.1.0 | Yes |
| Application | oracle | hospitality_suite8 | ≤ 11.14.0 | Yes |
| Application | oracle | hospitality_suite8 | 8.10.2 | Yes |
| Application | oracle | jd_edwards_enterpriseone_tools | ≤ 9.2.6.3 | Yes |
| Application | oracle | mysql_enterprise_monitor | ≤ 8.0.29 | Yes |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.58 | Yes |
| Application | oracle | peoplesoft_enterprise_peopletools | 8.59 | Yes |
| Application | oracle | policy_automation | ≤ 12.2.5 | Yes |
| Application | oracle | primavera_gateway | ≤ 17.12 | Yes |
| Application | oracle | primavera_gateway | 18.8.0 | Yes |
| Application | oracle | primavera_gateway | 19.12.0 | Yes |
| Application | oracle | primavera_gateway | 20.12.0 | Yes |
| Application | oracle | primavera_gateway | 21.12.0 | Yes |
| Application | oracle | rest_data_services | < 22.1.1 | Yes |
| Application | oracle | rest_data_services | 22.1.1 | Yes |
| Application | oracle | weblogic_server | 12.2.1.3.0 | Yes |
| Application | oracle | weblogic_server | 12.2.1.4.0 | Yes |
| Application | oracle | weblogic_server | 14.1.1.0.0 | Yes |
| Application | tenable | tenable.sc | < 5.21.0 | Yes |