CVE-2010-5312 – jquery-ui

Package

Manager: npm
Name: jquery-ui
Vulnerable Version: >=1.7.0 <1.10.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.045 pctl0.88696

Details

Cross-site Scripting in jquery-ui Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Metadata

Created: 2017-10-24T18:33:38Z
Modified: 2025-04-14T21:53:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-wcm2-9c89-wmfm/GHSA-wcm2-9c89-wmfm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-wcm2-9c89-wmfm
Finding: F008
Auto approve: 1