Debian DSA-3249-1 : jqueryui - security update

medium Nessus Plugin ID 83235

Synopsis

The remote Debian host is missing a security-related update.

Description

Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its 'title' option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

Solution

Upgrade the jqueryui packages.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.8.ooops.21+dfsg-2+deb7u1.

For the stable distribution (jessie), testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 1.10.1+dfsg-1.

See Also

https://packages.debian.org/source/wheezy/jqueryui

https://packages.debian.org/source/jessie/jqueryui

https://www.debian.org/security/2015/dsa-3249

Plugin Details

Severity: Medium

ID: 83235

File Name: debian_DSA-3249.nasl

Version: 2.6

Type: local

Agent: unix

Published: 5/5/2015

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:jqueryui, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 5/3/2015

Reference Information

CVE: CVE-2010-5312

BID: 71106

DSA: 3249