Published: 26/10/2021 Updated: 21/11/2024

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jqueryui jquery ui
fedoraproject fedora 33
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
netapp h300s firmware -
netapp h500s firmware -
netapp h700s firmware -
netapp h300e firmware -
netapp h500e firmware -
netapp h700e firmware -
netapp h410s firmware -
netapp h410c firmware -
drupal drupal
tenable tenable.sc
oracle agile plm 9.3.6
oracle application express
oracle banking platform 2.9.0
oracle banking platform 2.12.0
oracle big data spatial and graph
oracle big data spatial and graph 23.1
oracle communications interactive session recorder 6.4
oracle communications operations monitor 4.3
oracle communications operations monitor 4.4
oracle communications operations monitor 5.0
oracle hospitality inventory management 9.1.0
oracle hospitality materials control 18.1
oracle hospitality suite8
oracle hospitality suite8 8.10.2
oracle jd edwards enterpriseone tools
oracle peoplesoft enterprise peopletools 8.58
oracle peoplesoft enterprise peopletools 8.59
oracle policy automation
oracle primavera unifier
oracle primavera unifier 18.8
oracle primavera unifier 19.12
oracle primavera unifier 20.12
oracle primavera unifier 21.12
oracle rest data services
oracle rest data services 22.1.1
oracle weblogic server 12.2.1.3.0
oracle weblogic server 12.2.1.4.0
oracle weblogic server 14.1.1.0.0

Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-450] security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are now available ...

jQuery-UI is the official jQuery user interface library Prior to version 1130, accepting the value of the `of` option of the `position()` util from untrusted sources may execute untrusted code The issue is fixed in jQuery UI 1130 Any string value passed to the `of` option is now treated as a CSS selector A workaround is to not accept the v ...

Tenablesc leverages third-party software to help provide underlying functionality Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact ...

Dear subscribers, We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack This advisory has also been published at documentationopen-xchangecom/appsuite/security/adv ...

Exploit-Medium-CVE-2021-41184 Exploit Medium CVE-2021-41184 XSS in the of option of the position() util jQuery ui version v1121 vulnerable 11 wwwwebsitecom/_js/jquery/jquery-ui-1121/jquery-uiminjs ------------------------------------------------Concept proof--------------------------------------------------------------- Open url Open inspect Look for s

CVE-2021-41184

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect