
CVE-2012-6662
Date: (C)2014-12-04   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-71107
RHSA-2015:0442
RHSA-2015:1462
http://seclists.org/oss-sec/2014/q4/616
http://seclists.org/oss-sec/2014/q4/613
http://bugs.jqueryui.com/ticket/8859
http://bugs.jqueryui.com/ticket/8861
https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
https://github.com/jquery/jquery/issues/2432
jqueryui-cve20126662-xss(98697)

CPE    4
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_server:7.0
...
CWE    1
CWE-79
OVAL    11
oval:org.secpod.oval:def:108559
oval:org.secpod.oval:def:108552
oval:org.secpod.oval:def:1500936
oval:org.secpod.oval:def:204201
...

© SecPod Technologies