jquery-ui
npm7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jquery-uipage 1 of 1
- CVE-2010-5312MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.10.02014-11-24
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
- CVE-2012-6662NONECVSS 0.0EG 0.0✓ Fixed in 1.10.02014-11-24
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which i…
- CVE-2016-7103MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.12.02017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
- CVE-2021-41182MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.13.02021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13…
- CVE-2021-41183MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.13.02021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.…
- CVE-2021-41184MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.13.02021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. A…
- CVE-2022-31160MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.13.22022-07-20
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input en…
Check whether jquery-ui is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jquery-ui CVEs against the assets you own.
Start Free Scan →