", co...">
CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. For example, invoking the following code:

```javascript
$("#element").position({
  my: "left top", at: "right bottom",
  of: '<img src="/404" />',
  collision: "none"
});
```

will call the `doEvilThing()` function.

The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector.

A workaround is to not accept the value of the `of` option from untrusted sources.

If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
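The advisory's workaround (do not let untrusted input reach the `of` option) can be enforced in application code when upgrading to 1.13.0 is not immediately possible. The following is an added example, not code from jQuery UI or from the advisory: a guard that accepts only element-like values or strings that look like a plain CSS selector, mirroring the 1.13.0 behaviour of treating strings as selectors. The names `sanitizeOfOption` and `safePositionOptions` are assumptions; jQuery and jQuery UI are assumed to exist in the page, while this file itself is pure JavaScript so it runs in Node.

```javascript
// Added example (not jQuery UI code): application-side guard for the `of`
// option of .position(), implementing the advisory's workaround.

// Conservative allow-list for plain CSS selectors: identifiers, combinators,
// attribute selectors and pseudo-classes. '<' and '/' are excluded, so jQuery's
// $() can never interpret an accepted string as an HTML fragment (jQuery only
// parses a string as HTML when it contains '<').
const SAFE_SELECTOR = /^[\w\s#.\-\[\]="':,>+~*()]+$/;
const MAX_SELECTOR_LENGTH = 256; // assumed limit; keeps regex work bounded

// True for values jQuery UI positions against without parsing any HTML:
// a DOM node, a jQuery collection, or an Event-like object with pageX/pageY.
function isElementLike(value) {
  if (value === null || typeof value !== "object") return false;
  return typeof value.nodeType === "number" ||
         typeof value.jquery === "string" ||
         (typeof value.pageX === "number" && typeof value.pageY === "number");
}

// Returns a value that is safe to hand to `.position({ of: ... })`.
// Throws TypeError for anything that could be parsed as HTML or is not a
// recognised positioning target.
function sanitizeOfOption(value) {
  if (isElementLike(value)) return value;
  if (typeof value === "string" &&
      value.length <= MAX_SELECTOR_LENGTH &&
      SAFE_SELECTOR.test(value)) {
    return value; // treated as a CSS selector by jQuery UI 1.13.0+
  }
  throw new TypeError(
    "position(): 'of' must be an element, jQuery object, event, or plain CSS selector"
  );
}

// Builds a validated copy of the options object; the caller then passes it to
// $(el).position(...). Untrusted input never reaches jQuery unvalidated.
function safePositionOptions(options) {
  return Object.assign({}, options, { of: sanitizeOfOption(options.of) });
}

// Usage in a page (assumed jQuery environment):
//   $("#element").position(safePositionOptions({
//     my: "left top", at: "right bottom", of: untrustedInput, collision: "none"
//   }));
```

With this guard in place, the advisory's example string is rejected before `.position()` is called, while ordinary targets such as `"#anchor"`, a DOM element or a jQuery object pass through unchanged. Rejecting rather than silently escaping makes bad input visible in logs and tests.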
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | jquery-ui-rails | * | cpe:2.3:a:ruby:jquery-ui-rails:*:*:*:*:*:*:*:* |