XSS in dialog closeText
Affected versions of
jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the
closeText parameter in the
jQuery-UI is a library for manipulating UI elements via jQuery.
Version 1.11.4 has a cross site scripting (XSS) vulnerability in the
closeText parameter of the
dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.
Upgrade to jQuery-UI 1.12.0 or later.