GMS-2016-46

ADVISORY - gitlab

Summary

jQuery-UI has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Common Weakness Enumeration (CWE)

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

GitLab

CREATED

10 years ago

UPDATED

10 years ago

ADVISORY ID

GMS-2016-46

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
jquery-ui	npm	-	-	<=1.11.4	1.12.0

Severity and metrics

No CVSS data available from this advisory.