Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-41182

Published: 26/10/2021 Updated: 31/08/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Jqueryui

Vulnerability Summary

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jqueryui jquery ui

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp h300s_firmware -

debian debian linux 9.0

drupal drupal

oracle hospitality suite8 8.10.2

oracle weblogic server 12.2.1.3.0

oracle primavera unifier 17.7

oracle primavera unifier 17.8

oracle primavera unifier 17.9

oracle primavera unifier 17.10

oracle primavera unifier 17.11

oracle primavera unifier 17.12

oracle primavera unifier 18.8

oracle weblogic server 12.2.1.4.0

oracle primavera unifier 19.12

oracle weblogic server 14.1.1.0.0

oracle primavera unifier 20.12

oracle communications interactive session recorder 6.4

oracle communications operations monitor 4.3

oracle communications operations monitor 4.4

oracle communications operations monitor 5.0

oracle primavera unifier 21.12

oracle mysql enterprise monitor

oracle hospitality suite8

tenable tenable.sc

oracle primavera unifier

oracle hospitality materials control 18.1

oracle agile plm 9.3.6

oracle peoplesoft enterprise peopletools 8.58

oracle banking platform 2.9.0

oracle hospitality inventory management 9.1.0

oracle peoplesoft enterprise peopletools 8.59

oracle banking platform 2.12.0

oracle big data spatial and graph 23.1

oracle big data spatial and graph

oracle jd edwards enterpriseone tools

oracle rest data services

oracle application express

oracle rest data services 22.1.1

oracle policy automation

Vendor Advisories

Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-450] security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are now available ...
Red Hat: CVE-2021-41182
jQuery-UI is the official jQuery user interface library Prior to version 1130, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code The issue is fixed in jQuery UI 1130 Any string value passed to the `altField` option is now treated as a CSS selector A workaround is to not a ...
Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities
Tenablesc leverages third-party software to help provide underlying functionality Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact ...

References

CWE-79https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwchttps://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/https://security.netapp.com/advisory/ntap-20211118-0004/https://www.drupal.org/sa-contrib-2022-004https://www.drupal.org/sa-core-2022-002https://lists.debian.org/debian-lts-announce/2022/01/msg00014.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.tenable.com/security/tns-2022-09https://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/https://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlhttps://access.redhat.com/errata/RHSA-2022:4711https://nvd.nist.govhttps://www.tenable.com/security/tns-2022-09
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook