Fluid Attacks Database

Description

Cross-site Scripting in jquery-ui Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	jqueryui	>=0 <1.10.1+dfsg-1	1.10.1+dfsg-1
maven	org.webjars.npm:jquery-ui	>=1.7.0 <1.10.0	1.10.0
debian 14	jqueryui	>=0 <1.10.1+dfsg-1	1.10.1+dfsg-1
rubygems	jquery-ui-rails	>=0 <4.0.0	4.0.0
debian 12	jqueryui	>=0 <1.10.1+dfsg-1	1.10.1+dfsg-1
nuget	jquery.ui.combined	>=1.7.0 <1.10.0	1.10.0
npm	jquery-ui	>=1.7.0 <1.10.0	1.10.0
debian 11	jqueryui	>=0 <1.10.1+dfsg-1	1.10.1+dfsg-1
rpm rhel7	python-sphinx	-	-
rpm rhel7	ipa	<0:4.1.0-18.el7	0:4.1.0-18.el7

1-10 of 13

Aliases

1. CVE-2010-53122. NVD-2010-53123. OSV-DEBIAN-2010-53124. OSV-2010-53125. GCVE-2010-53126. SECURITY-TRACKER-CVE-2010-53127. lists.debian.org

References

1. https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f32. https://www.drupal.org/sa-core-2022-0023. https://web.archive.org/web/20170316161850/http://www.securitytracker.com/id/10370354. https://web.archive.org/web/20150316023043/http://www.securityfocus.com/bid/711065. https://security.netapp.com/advisory/ntap-20190416-00076. https://lists.fedoraproject.org/archives/list/[email protected]/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL47. https://lists.fedoraproject.org/archives/list/[email protected]/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE38. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL49. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE310. https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E11. https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E12. https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E13. https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E14. https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E15. https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E16. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2010-5312.yml17. https://exchange.xforce.ibmcloud.com/vulnerabilities/9869618. http://bugs.jqueryui.com/ticket/601619. http://rhn.redhat.com/errata/RHSA-2015-0442.html20. http://rhn.redhat.com/errata/RHSA-2015-1462.html21. http://seclists.org/oss-sec/2014/q4/61322. http://seclists.org/oss-sec/2014/q4/61623. http://www.debian.org/security/2015/dsa-324924. http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html