high
7.2
CWE
79
Advisory Published
CVE Published
Advisory Published
Updated

CVE-2021-41182: XSS in the `altField` option of the Datepicker widget

First published: Mon Oct 25 2021(Updated: )

### Impact Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```js $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); ``` will call the `doEvilThing` function. ### Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. ### Workarounds A workaround is to not accept the value of the `altField` option from untrusted sources. ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don't find an answer, open a new issue.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
rubygems/jquery-ui-rails<7.0.0
7.0.0
maven/org.webjars.npm:jquery-ui<1.13.0
1.13.0
nuget/jQuery.UI.Combined<1.13.0
1.13.0
npm/jquery-ui<1.13.0
1.13.0
debian/jqueryui
1.12.1+dfsg-8+deb11u2
1.13.2+dfsg-1
debian/otrs2<=6.0.32-6
IBM QRadar Security Information and Event Manager<=7.5.0 GA
IBM QRadar Security Information and Event Manager<=7.4.3 GA - 7.4.3 FP4
IBM QRadar Security Information and Event Manager<=7.3.3 GA - 7.3.3 FP10
jQuery UI<1.13.0
Fedora=33
Fedora=34
Fedora=35
Fedora=36
All of
NetApp H500S Firmware
NetApp H500s
All of
NetApp H700S
NetApp H700S
All of
NetApp H300E Firmware
NetApp H300E Firmware
All of
NetApp H500E
NetApp H500E
All of
NetApp H700E
NetApp H700E
All of
NetApp H410S Firmware
NetApp H410S Firmware
All of
NetApp H410C Firmware
NetApp H410C
All of
NetApp H300S Firmware
NetApp H300S
Debian=9.0
Drupal>=7.0<7.86
Oracle Communications Interactive Session Recorder=6.4
Oracle Communications Operations Monitor=4.3
Oracle Communications Operations Monitor=4.4
Oracle Communications Operations Monitor=5.0
Oracle Hospitality Suite 8 Property Interfaces>=8.11.0<=8.14.0
Oracle Hospitality Suite 8 Property Interfaces=8.10.2
MySQL Enterprise Monitor<=8.0.29
Oracle Primavera Unifier=17.7
Oracle Primavera Unifier=17.8
Oracle Primavera Unifier=17.9
Oracle Primavera Unifier=17.10
Oracle Primavera Unifier=17.11
Oracle Primavera Unifier=17.12
Oracle Primavera Unifier=18.8
Oracle Primavera Unifier=19.12
Oracle Primavera Unifier=20.12
Oracle Primavera Unifier=21.12
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
Tenable.sc<5.21.0
Oracle Agile PLM=9.3.6
Oracle Application Express<22.1.1
Oracle Banking Platform=2.9.0
Oracle Banking Platform=2.12.0
Oracle Big Data Spatial and Graph<23.1
Oracle Big Data Spatial and Graph=23.1
Oracle Hospitality Inventory Management=9.1.0
Oracle Hospitality Materials Control=18.1
Oracle JD Edwards EnterpriseOne Tools<=9.2.6.3
Oracle Peoplesoft Enterprise Campus Software Campus Community=8.58
Oracle Peoplesoft Enterprise Campus Software Campus Community=8.59
Oracle Policy Automation>=12.2.0<=12.2.25
Oracle Primavera Unifier>=17.7<=17.12
Oracle REST Data Services<22.1.1
Oracle REST Data Services=22.1.1
NetApp H500S Firmware
NetApp H500s
NetApp H700S
NetApp H700S
NetApp H300E Firmware
NetApp H300E Firmware
NetApp H500E
NetApp H500E
NetApp H700E
NetApp H700E
NetApp H410S Firmware
NetApp H410S Firmware
NetApp H410C Firmware
NetApp H410C
NetApp H300S Firmware
NetApp H300S

Remedy

https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63

Remedy

https://www.oracle.com/security-alerts/cpuapr2022.html

Remedy

https://www.oracle.com/security-alerts/cpujul2022.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2021-41182?

    CVE-2021-41182 is classified as a high-severity vulnerability due to its potential to execute untrusted code from untrusted sources.

  • How do I fix CVE-2021-41182?

    To fix CVE-2021-41182, update your jQuery UI libraries to versions 1.13.0 or higher, or jQuery UI Rails to version 7.0.0 or higher.

  • What types of software are affected by CVE-2021-41182?

    CVE-2021-41182 affects multiple packages including jQuery UI from various sources such as RubyGems, Maven, and npm, specifically versions below 1.13.0.

  • What is the exploit vector for CVE-2021-41182?

    The exploit vector for CVE-2021-41182 involves setting the `altField` option of the Datepicker widget to untrusted values, potentially leading to code execution.

  • Are there any patches available for CVE-2021-41182?

    Yes, patches are available for CVE-2021-41182 in the updated versions of jQuery UI and related packages.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203