Vulnerabilities > CVE-2021-41182

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE

Summary

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

Vulnerable Configurations

Part Description Count
Application
Jqueryui
90
Application
Drupal
96
Application
Oracle
185
Application
Tenable
11
OS
Fedoraproject
4
OS
Netapp
8
OS
Debian
1
Hardware
Netapp
8

References