RubySec

Providing security resources for the Ruby community

CVE-2016-7103 (jquery-ui-rails): XSS Vulnerability on closeText option of Dialog jQuery UI

ADVISORIES

GEM

jquery-ui-rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • >= 6.0.0

DESCRIPTION

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

RELATED