
CVE-2010-5312: Dialog: Extract setting the title into a _title method, use .text() t… · jquery/jquery-ui@7e9060c

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.


@@ -352,14 +352,21 @@ $.widget("ui.dialog", { uiDialogTitle = $( “<span>” ) .uniqueId() .addClass( “ui-dialog-title” ) .html( this.options.title || " " ) .prependTo( this.uiDialogTitlebar ); this._title( uiDialogTitle );
this.uiDialog.attr({ "aria-labelledby": uiDialogTitle.attr( “id” ) }); },
_title: function( title ) { if ( !this.options.title ) { title.html( " " ); } title.text( this.options.title ); },
_createButtonPane: function() { var uiDialogButtonPane = ( this.uiDialogButtonPane = $( “<div>” ) ) .addClass( “ui-dialog-buttonpane ui-widget-content ui-helper-clearfix” ); @@ -600,9 +607,7 @@ $.widget("ui.dialog", { }
if ( key === “title” ) { // convert whatever was passed in to a string, for html() to not throw up $( ".ui-dialog-title", this.uiDialogTitlebar ) .html( “” + ( value || " " ) ); this._title( this.uiDialogTitlebar.find( “.ui-dialog-title” ) ); } },
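
Review bot: In the new `_title` method added by the first hunk, the empty-title branch is not exclusive. After `title.html( ... )` sets the placeholder, execution falls through to `title.text( this.options.title )`, so an empty-string title immediately replaces the placeholder with empty text. Make the two branches an if/else (or return after setting the placeholder) so the placeholder survives. Since moving from `.html()` to `.text()` is what stops markup in the `title` option from being parsed, a short doc comment on `_title` should state that the title is inserted as text and that any subclass overriding the method to allow HTML owns the escaping.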
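
Review bot: In the `key === "title"` branch of `_setOption` in the second hunk, `_title` is called without `value` and reads `this.options.title` instead, so the rendered title is only correct if the option has already been stored before this branch runs, and that assignment is not visible in the hunk. Confirm the ordering or pass the new value in explicitly. The replaced line coerced the value to a string before handing it to `.html()`, so a test that sets non-string titles (a number, null) through the `.text()` path would guard this branch against regressions.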
