XSS in dialog closeText

Module: jquery-ui

Published: July 21st, 2016

Reported by: Phat Ly

CVE-2016-7103

CWE-

Vulnerable: <=1.11.4
Patched: >=1.12.0

Overview

jQuery-UI is a library for manipulating UI elements via jQuery.

Version 1.11.4 has a cross-site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Remediation

Upgrade to jQuery-UI 1.12.0 or later.
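
Until the upgrade is deployed, an application that must pass user input to closeText can encode it first. The following is an added example, not code from the advisory or from the jQuery UI project; the helper names are hypothetical. It assumes affected versions render closeText as HTML and that patched versions handle the text themselves, so it escapes only when the installed version falls in the vulnerable range.

```javascript
// Added example; helper names are hypothetical, not part of jQuery UI.

// First release the advisory lists as patched.
const PATCHED = [1, 12, 0];

// Parse "1.11.4" (ignoring any "-suffix" tag) into [1, 11, 4].
function parseVersion(version) {
  const base = String(version).trim().replace(/^v/, "").split("-")[0];
  const nums = base.split(".").map((p) => Number.parseInt(p, 10));
  if (nums.some(Number.isNaN)) {
    throw new Error("unparseable version: " + version);
  }
  while (nums.length < 3) nums.push(0);
  return nums;
}

// True when the installed version is below 1.12.0, i.e. in the affected range.
function isVulnerable(version) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] < PATCHED[i];
  }
  return false;
}

// Encode the characters that allow text to be parsed as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build dialog options. Escaping is applied only on affected versions
// (assumption: patched versions treat closeText as text, so escaping
// there would show the entities literally).
function dialogOptions(installedVersion, untrustedCloseText) {
  const closeText = isVulnerable(installedVersion)
    ? escapeHtml(untrustedCloseText)
    : String(untrustedCloseText);
  return { closeText };
}

// Browser usage: $("#dlg").dialog(dialogOptions($.ui.version, userSuppliedLabel));
```
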
