CVE-2021-41183

CVSSv4: NA | CVSSv3: 6.1 | CVSSv2: 4.3 | VMScore: 710 | EPSS: 0.00661 | KEV: Not Included
Published: 26/10/2021 Updated: 21/11/2024

Vulnerability Summary

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

Vulnerable Product

jqueryui jquery ui

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp h300s firmware -

netapp h500s firmware -

netapp h700s firmware -

netapp h300e firmware -

netapp h500e firmware -

netapp h700e firmware -

netapp h410s firmware -

netapp h410c firmware -

debian debian linux 9.0

drupal drupal

oracle agile plm 9.3.6

oracle application express

oracle banking platform 2.9.0

oracle banking platform 2.12.0

oracle big data spatial and graph

oracle big data spatial and graph 23.1

oracle communications interactive session recorder 6.4

oracle communications operations monitor 4.3

oracle communications operations monitor 4.4

oracle communications operations monitor 5.0

oracle hospitality inventory management 9.1.0

oracle hospitality suite8

oracle hospitality suite8 8.10.2

oracle jd edwards enterpriseone tools

oracle mysql enterprise monitor

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle policy automation

oracle primavera gateway

oracle primavera gateway 18.8.0

oracle primavera gateway 19.12.0

oracle primavera gateway 20.12.0

oracle primavera gateway 21.12.0

oracle rest data services

oracle rest data services 22.1.1

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

tenable tenable.sc

Vendor Advisories

Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-450] security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available ...

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround ...

Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact ...

Github Repositories

Runs `bundle-audit check --update` and outputs results.

Bundle Audit Action: This is a GitHub action that runs `bundle-audit check --update`, and then outputs some information about the results. It's designed to be used in conjunction with other actions that do something with the results. See: bundle-audit-check-action, bundle-audit-to-asana-action. Inputs: Name, Description, Required, Default: ignore_list "Space-separated l

References

CWE-79

https://access.redhat.com/errata/RHSA-2022:4711

https://nvd.nist.gov

https://github.com/planningcenter/bundle-audit-action

https://www.first.org/epss

https://www.tenable.com/security/tns-2022-09

https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/

https://bugs.jqueryui.com/ticket/15284

https://github.com/jquery/jquery-ui/pull/1953

https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/

https://security.netapp.com/advisory/ntap-20211118-0004/

https://www.drupal.org/sa-contrib-2022-004

https://www.drupal.org/sa-core-2022-001

https://www.drupal.org/sa-core-2022-002

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujul2022.html