CVE-2016-7103

CWE-79 — Cross-site Scripting (XSS)19 documents10 sources

Severity

6.1MEDIUM

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Express Oracle OSS Support Tools Jqueryui Jquery UI +9 more

Timeline

PublishedMar 15

Latest updateOct 5

Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages16 packages

▶npmjquery-ui< 1.12.0

▶RubyGemsjquery-ui-rails< 6.0.0

▶NuGetjQuery.UI.Combined< 1.12.0

▶Mavenorg.webjars.npm:jquery-ui< 1.12.0

▶Debianjqueryui< 1.12.1+dfsg-1+3

Also affects: Debian Linux 9.0, Fedora 30, 35, 36

Patches

Patch: www.oracle.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

jqueryui vulnerabilities↗2023-10-05

▶

OSV

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText↗2017-10-24

▶

GHSA

jQuery-UI vulnerable to Cross-site Scripting in dialog closeText↗2017-10-24

▶

CVEList

CVE-2016-7103: Cross-site scripting (XSS) vulnerability in jQuery UI before 1↗2017-03-15

▶

OSV

CVE-2016-7103: Cross-site scripting (XSS) vulnerability in jQuery UI before 1↗2017-03-15

▶

📋Vendor Advisories

Ubuntu

jQuery UI vulnerabilities↗2023-10-05

▶

Drupal

Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002↗2022-01-19

▶

Oracle

Oracle Oracle Support Tools Risk Matrix: Diagnostic Assistant (jQuery UI) — CVE-2016-7103↗2022-01-15

▶

Oracle

Oracle Oracle Siebel CRM Risk Matrix: UIF Open UI (jQuery UI) — CVE-2016-7103↗2021-04-15

▶

Oracle

Oracle Oracle Database Server Risk Matrix: Oracle Application Express — CVE-2016-7103↗2020-04-15

▶

💬Community

Bugzilla

CVE-2016-7103 rubygem-jquery-ui-rails: jquery-ui: cross-site scripting in dialog closeText [openstack-rdo]↗2017-04-04

▶

Bugzilla

CVE-2016-7103 python-XStatic-jquery-ui: jquery-ui: cross-site scripting in dialog closeText [openstack-rdo]↗2017-04-04

▶

Bugzilla

CVE-2016-7103 rubygem-jquery-ui-rails: jquery-ui: cross-site scripting in dialog closeText [fedora-all]↗2016-07-26

▶

Bugzilla

CVE-2016-7103 python-XStatic-jquery-ui: jquery-ui: cross-site scripting in dialog closeText [epel-7]↗2016-07-26

▶

Bugzilla

CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText↗2016-07-26

▶