First published: Mon Oct 25 2021(Updated: )
### Impact Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```js $( "#datepicker" ).datepicker( { altField: "<img onerror='doEvilThing()' src='/404' />", } ); ``` will call the `doEvilThing` function. ### Patches The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. ### Workarounds A workaround is to not accept the value of the `altField` option from untrusted sources. ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery UI repo](https://github.com/jquery/jquery-ui/issues). If you don't find an answer, open a new issue.
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/jquery-ui-rails | <7.0.0 | 7.0.0 |
maven/org.webjars.npm:jquery-ui | <1.13.0 | 1.13.0 |
nuget/jQuery.UI.Combined | <1.13.0 | 1.13.0 |
npm/jquery-ui | <1.13.0 | 1.13.0 |
Jqueryui Jquery Ui Jquery | <1.13.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
All of | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
All of | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
All of | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
All of | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
All of | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
All of | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
All of | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
Debian Debian Linux | =9.0 | |
Drupal Drupal | >=7.0<7.86 | |
Oracle Communications Interactive Session Recorder | =6.4 | |
Oracle Communications Operations Monitor | =4.3 | |
Oracle Communications Operations Monitor | =4.4 | |
Oracle Communications Operations Monitor | =5.0 | |
Oracle Hospitality Suite8 | >=8.11.0<=8.14.0 | |
Oracle Hospitality Suite8 | =8.10.2 | |
Oracle Mysql Enterprise Monitor | <=8.0.29 | |
Oracle Primavera Unifier | =17.7 | |
Oracle Primavera Unifier | =17.8 | |
Oracle Primavera Unifier | =17.9 | |
Oracle Primavera Unifier | =17.10 | |
Oracle Primavera Unifier | =17.11 | |
Oracle Primavera Unifier | =17.12 | |
Oracle Primavera Unifier | =18.8 | |
Oracle Primavera Unifier | =19.12 | |
Oracle Primavera Unifier | =20.12 | |
Oracle Primavera Unifier | =21.12 | |
Oracle WebLogic Server | =12.2.1.3.0 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
Oracle WebLogic Server | =14.1.1.0.0 | |
Tenable Tenable.sc | <5.21.0 | |
Oracle Agile PLM | =9.3.6 | |
Oracle Application Express | <22.1.1 | |
Oracle Banking Platform | =2.9.0 | |
Oracle Banking Platform | =2.12.0 | |
Oracle Big Data Spatial And Graph | <23.1 | |
Oracle Big Data Spatial And Graph | =23.1 | |
Oracle Hospitality Inventory Management | =9.1.0 | |
Oracle Hospitality Materials Control | =18.1 | |
Oracle Jd Edwards Enterpriseone Tools | <=9.2.6.3 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.59 | |
Oracle Policy Automation | >=12.2.0<=12.2.25 | |
Oracle Primavera Unifier | >=17.7<=17.12 | |
Oracle REST Data Services | <22.1.1 | |
Oracle REST Data Services | =22.1.1 | |
Netapp H500s Firmware | ||
Netapp H500s | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
debian/jqueryui | 1.12.1+dfsg-8+deb11u2 1.13.2+dfsg-1 | |
debian/otrs2 | <=6.0.32-6 | |
IBM QRadar SIEM | <=7.5.0 GA | |
IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 | |
<1.13.0 | ||
=33 | ||
=34 | ||
=35 | ||
=36 | ||
All of | ||
All of | ||
All of | ||
All of | ||
All of | ||
All of | ||
All of | ||
All of | ||
=9.0 | ||
>=7.0<7.86 | ||
=6.4 | ||
=4.3 | ||
=4.4 | ||
=5.0 | ||
>=8.11.0<=8.14.0 | ||
=8.10.2 | ||
<=8.0.29 | ||
=17.7 | ||
=17.8 | ||
=17.9 | ||
=17.10 | ||
=17.11 | ||
=17.12 | ||
=18.8 | ||
=19.12 | ||
=20.12 | ||
=21.12 | ||
=12.2.1.3.0 | ||
=12.2.1.4.0 | ||
=14.1.1.0.0 | ||
<5.21.0 | ||
=9.3.6 | ||
<22.1.1 | ||
=2.9.0 | ||
=2.12.0 | ||
<23.1 | ||
=23.1 | ||
=9.1.0 | ||
=18.1 | ||
<=9.2.6.3 | ||
=8.58 | ||
=8.59 | ||
>=12.2.0<=12.2.25 | ||
>=17.7<=17.12 | ||
<22.1.1 | ||
=22.1.1 |
https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.