jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
jqueryui jquery ui |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |
||
netapp h300s_firmware - |
||
netapp h500s_firmware - |
||
netapp h700s_firmware - |
||
netapp h300e_firmware - |
||
netapp h500e_firmware - |
||
netapp h700e_firmware - |
||
netapp h410s_firmware - |
||
netapp h410c_firmware - |
||
drupal drupal |
||
tenable tenable.sc |
||
oracle hospitality suite8 8.10.2 |
||
oracle weblogic server 12.2.1.3.0 |
||
oracle primavera unifier 18.8 |
||
oracle primavera unifier |
||
oracle hospitality materials control 18.1 |
||
oracle agile plm 9.3.6 |
||
oracle weblogic server 12.2.1.4.0 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle primavera unifier 19.12 |
||
oracle weblogic server 14.1.1.0.0 |
||
oracle banking platform 2.9.0 |
||
oracle primavera unifier 20.12 |
||
oracle hospitality inventory management 9.1.0 |
||
oracle communications interactive session recorder 6.4 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle communications operations monitor 4.3 |
||
oracle banking platform 2.12.0 |
||
oracle communications operations monitor 4.4 |
||
oracle communications operations monitor 5.0 |
||
oracle primavera unifier 21.12 |
||
oracle big data spatial and graph 23.1 |
||
oracle big data spatial and graph |
||
oracle hospitality suite8 |
||
oracle jd edwards enterpriseone tools |
||
oracle rest data services |
||
oracle application express |
||
oracle rest data services 22.1.1 |
||
oracle policy automation |
Vulmon