CVE-2012-6662
Severity
4.3MEDIUM
EPSS
7.0%
top 8.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 24
Latest updateOct 24
Description
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages10 packages
Patches
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
31Bugzilla▶
CVE-2012-6662 cinnamon: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]↗2014-11-20
Bugzilla▶
CVE-2012-6662 nodejs-should: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]↗2014-11-20
Bugzilla▶
CVE-2012-6662 libgda: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]↗2014-11-20
Bugzilla▶
CVE-2012-6662 drupal7-jquery_update: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]↗2014-11-20
Bugzilla▶
CVE-2012-6662 ikiwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]↗2014-11-20