RubySec

Providing security resources for the Ruby community

CVE-2016-7103 (jquery-ui-rails): XSS Vulnerability on closeText option of Dialog jQuery UI

Published: August 27, 2016

SECURITY IDENTIFIERS

GEM

jquery-ui-rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

>= 6.0.0

DESCRIPTION

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
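
One way to check a project against the patched-version range listed above, as an added example (not RubySec's or the gem's own code): it reads a `Gemfile.lock`, finds the resolved jquery-ui-rails version and tests it against `>= 6.0.0`. The helper name `jquery_ui_rails_status` and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version / Gem::Requirement

# Patched range exactly as stated in the advisory.
PATCHED = Gem::Requirement.new(">= 6.0.0")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jquery-ui-rails (5.0.5)
        railties (>= 3.2.16)
      railties (4.2.7)

  PLATFORMS
    ruby

  DEPENDENCIES
    jquery-ui-rails
LOCK

# Hypothetical helper. Returns [status, version] where status is
# :absent, :vulnerable or :patched.
def jquery_ui_rails_status(lock_text)
  # Resolved gems sit under "specs:" at exactly four spaces of indent.
  # Requirement lines of other gems (six spaces) and DEPENDENCIES
  # entries (two spaces) are deliberately not matched.
  m = lock_text.match(/^ {4}jquery-ui-rails \(([^)\s]+)\)[ \t]*$/)
  return [:absent, nil] unless m

  version = Gem::Version.new(m[1])
  # Pre-releases such as 6.0.0.rc1 sort below 6.0.0 and count as unpatched.
  [PATCHED.satisfied_by?(version) ? :patched : :vulnerable, m[1]]
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  status, version = jquery_ui_rails_status(text)
  puts "jquery-ui-rails #{version || '(not in lockfile)'}: #{status}"
end
```

Run it with the path to a `Gemfile.lock` as the only argument; without one it evaluates the constructed sample.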

RELATED