CVE-2012-6662.yml
---
gem: jquery-ui-rails
cve: 2012-6662
ghsa: qqxp-xp9v-vvx6
url: https://nvd.nist.gov/vuln/detail/CVE-2012-6662
title: Moderate severity vulnerability that affects jquery-ui
date: 2017-10-24
description: |
  Cross-site scripting (XSS) vulnerability in the default content option
  in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before
  1.10.0 allows remote attackers to inject arbitrary web script or
  HTML via the title attribute, which is not properly handled in the
  autocomplete combo box demo.
cvss_v2: 4.3
patched_versions:
  - ">= 4.0.0"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2012-6662
    - https://github.com/jquery-ui-rails/jquery-ui-rails/commit/61a8e3f50796118e9f49fbd224b67d4065b40c50
    - https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
    - https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
    - http://bugs.jqueryui.com/ticket/8859
    - http://bugs.jqueryui.com/ticket/8861
    - https://github.com/jquery/jquery/issues/2432
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
    - http://rhn.redhat.com/errata/RHSA-2015-0442.html
    - http://rhn.redhat.com/errata/RHSA-2015-1462.html
    - http://seclists.org/oss-sec/2014/q4/613
    - http://seclists.org/oss-sec/2014/q4/616
    - http://www.securityfocus.com/bid/71107
    - https://github.com/advisories/GHSA-qqxp-xp9v-vvx6