CVE-2010-5312 – jquery.ui.combined

Package

Manager: nuget
Name: jquery.ui.combined
Vulnerable Version: >=1.7.0 <1.10.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.045 pctl0.88694

Details

Cross-site Scripting in jquery-ui Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Metadata

Created: 2017-10-24T18:33:38Z
Modified: 2025-04-14T21:53:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-wcm2-9c89-wmfm/GHSA-wcm2-9c89-wmfm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-wcm2-9c89-wmfm
Finding: F008
Auto approve: 1