CVE-2021-41184
published 2021-10-26CVE-2021-41184: jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jqueryui | < jqueryui 1.13.0+dfsg-1 (bookworm) | jqueryui 1.13.0+dfsg-1 (bookworm) |
| debian | otrs2 | < jqueryui 1.13.0+dfsg-1 (bookworm) | jqueryui 1.13.0+dfsg-1 (bookworm) |
| drupal | core | >= 8.0.0 < 9.2.11 | 9.2.11 |
| drupal | core | >= 9.3.0 < 9.3.3 | 9.3.3 |
| drupal | drupal | >= 7.0 < 7.86 | 7.86 |
| drupal | drupal | >= 9.2.0 < 9.2.11 | 9.2.11 |
| drupal | drupal | >= 9.3.0 < 9.3.3 | 9.3.3 |
| drupal | drupal_core | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| jquery | jquery-ui | < 1.13.0 | 1.13.0 |
| jquery | jquery-ui | >= 0 < 1.13.0 | 1.13.0 |
| jqueryui | jquery_ui | < 1.13.0 | 1.13.0 |
| oracle | agile_plm | — | — |
| oracle | application_express | < 22.1.1 | 22.1.1 |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | big_data_spatial_and_graph | < 23.1 | 23.1 |
| oracle | big_data_spatial_and_graph | — | — |
| oracle | communications_interactive_session_recorder | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM