Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2021-41183

Published: 26/10/2021 Updated: 31/08/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Jquery Ui

Vulnerability Summary

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jqueryui jquery ui

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

debian debian linux 9.0

drupal drupal

oracle hospitality suite8 8.10.2

oracle weblogic server 12.2.1.3.0

oracle agile plm 9.3.6

oracle weblogic server 12.2.1.4.0

oracle peoplesoft enterprise peopletools 8.58

oracle weblogic server 14.1.1.0.0

oracle banking platform 2.9.0

oracle primavera gateway 19.12.0

oracle primavera gateway

oracle primavera gateway 18.8.0

oracle hospitality inventory management 9.1.0

oracle communications interactive session recorder 6.4

oracle peoplesoft enterprise peopletools 8.59

oracle communications operations monitor 4.3

oracle primavera gateway 20.12.0

oracle banking platform 2.12.0

oracle communications operations monitor 4.4

oracle communications operations monitor 5.0

oracle primavera gateway 21.12.0

oracle big data spatial and graph 23.1

oracle big data spatial and graph

oracle mysql enterprise monitor

oracle hospitality suite8

oracle jd edwards enterpriseone tools

oracle rest data services

oracle application express

oracle policy automation

oracle rest data services 22.1.1

tenable tenable.sc

Vendor Advisories

Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update
Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-450] security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are now available ...
Red Hat: CVE-2021-41183
jQuery-UI is the official jQuery user interface library Prior to version 1130, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code The issue is fixed in jQuery UI 1130 The values passed to various `*Text` options are now always treated as pure text, not HTML A workaround ...
Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities
Tenablesc leverages third-party software to help provide underlying functionality Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact ...

References

CWE-79https://bugs.jqueryui.com/ticket/15284https://github.com/jquery/jquery-ui/pull/1953https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/https://security.netapp.com/advisory/ntap-20211118-0004/https://www.drupal.org/sa-contrib-2022-004https://www.drupal.org/sa-core-2022-001https://www.drupal.org/sa-core-2022-002https://lists.debian.org/debian-lts-announce/2022/01/msg00014.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.tenable.com/security/tns-2022-09https://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/https://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlhttps://access.redhat.com/errata/RHSA-2022:4711https://nvd.nist.govhttps://www.tenable.com/security/tns-2022-09
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook