[SECURITY] [DLA 258-1] jqueryui security update

2015-06-2920:29:12

lists.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

53.1%

JSON

Package : jqueryui
Version : 1.8.dfsg-3+deb6u1
CVE ID : CVE-2010-5312

Shadowman131 discovered that jqueryui, a JavaScript UI library for
dynamic web applications, failed to properly sanitize its "title"
option. This would allow a remote attacker to inject arbitrary code
through cross-site scripting.

OSVersionArchitecturePackageVersionFilename
Debian7alljqueryui< 1.8.ooops.21+dfsg-2+deb7u1jqueryui_1.8.ooops.21+dfsg-2+deb7u1_all.deb
Debian7alllibjs-jquery-ui-docs< 1.8.ooops.21+dfsg-2+deb7u1libjs-jquery-ui-docs_1.8.ooops.21+dfsg-2+deb7u1_all.deb
Debian6alljqueryui< 1.8.dfsg-3+deb6u1jqueryui_1.8.dfsg-3+deb6u1_all.deb
Debian6alllibjs-jquery-ui< 1.8.dfsg-3+deb6u1libjs-jquery-ui_1.8.dfsg-3+deb6u1_all.deb
Debian6alllibjs-jquery-ui-docs< 1.8.dfsg-3+deb6u1libjs-jquery-ui-docs_1.8.dfsg-3+deb6u1_all.deb
Debian9alldrupal7< 7.52-2+deb9u17drupal7_7.52-2+deb9u17_all.deb
Debian7alllibjs-jquery-ui< 1.8.ooops.21+dfsg-2+deb7u1libjs-jquery-ui_1.8.ooops.21+dfsg-2+deb7u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	jqueryui	< 1.8.ooops.21+dfsg-2+deb7u1	jqueryui_1.8.ooops.21+dfsg-2+deb7u1_all.deb
Debian	7	all	libjs-jquery-ui-docs	< 1.8.ooops.21+dfsg-2+deb7u1	libjs-jquery-ui-docs_1.8.ooops.21+dfsg-2+deb7u1_all.deb
Debian	6	all	jqueryui	< 1.8.dfsg-3+deb6u1	jqueryui_1.8.dfsg-3+deb6u1_all.deb
Debian	6	all	libjs-jquery-ui	< 1.8.dfsg-3+deb6u1	libjs-jquery-ui_1.8.dfsg-3+deb6u1_all.deb
Debian	6	all	libjs-jquery-ui-docs	< 1.8.dfsg-3+deb6u1	libjs-jquery-ui-docs_1.8.dfsg-3+deb6u1_all.deb
Debian	9	all	drupal7	< 7.52-2+deb9u17	drupal7_7.52-2+deb9u17_all.deb
Debian	7	all	libjs-jquery-ui	< 1.8.ooops.21+dfsg-2+deb7u1	libjs-jquery-ui_1.8.ooops.21+dfsg-2+deb7u1_all.deb