RubySec

Providing security resources for the Ruby community

CVE-2016-7103 (jquery-ui-rails): XSS Vulnerability on closeText option of Dialog jQuery UI

ADVISORIES

GEM

jquery-ui-rails

FRAMEWORK

rails

SEVERITY

CVSS v3: 6.1

CVSS v2: 4.3

PATCHED VERSIONS

  • >= 6.0.0

DESCRIPTION

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.