Published: 24/11/2014 Updated: 14/07/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI prior to 1.10.0 allows remote malicious users to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux hpc node 7.0
jqueryui jquery ui 1.10.0

CWE-79 https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e http://bugs.jqueryui.com/ticket/8861 http://seclists.org/oss-sec/2014/q4/616 http://seclists.org/oss-sec/2014/q4/613 http://bugs.jqueryui.com/ticket/8859 http://rhn.redhat.com/errata/RHSA-2015-0442.html http://www.securityfocus.com/bid/71107 http://rhn.redhat.com/errata/RHSA-2015-1462.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98697 https://github.com/jquery/jquery/issues/2432 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-6662

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect