ADVISORIES

• CVE-2016-7103 (NVD)
• GHSA-hpcf-8vf9-q4gj
• Vendor Advisory

GEM

jquery-ui-rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

• >= 6.0.0

DESCRIPTION

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

RELATED

• https://github.com/jquery/jquery-ui/pull/1635
• https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/History.md#600