First published: Mon Nov 24 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
nuget/jQuery.UI.Combined | <1.10.0 | 1.10.0 |
maven/org.webjars.npm:jquery-ui | <1.10.0 | 1.10.0 |
rubygems/jquery-ui-rails | <4.0.0 | 4.0.0 |
npm/jquery-ui | <1.10.0 | 1.10.0 |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Hpc Node | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Jqueryui Jquery Ui Jquery | =1.10.0-rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.