CVE-2016-7103medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
References
https://nodesecurity.io/advisories/127
https://jqueryui.com/changelog/1.12.0/
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
https://github.com/jquery/api.jqueryui.com/issues/281
http://rhn.redhat.com/errata/RHSA-2017-0161.html
https://www.tenable.com/security/tns-2016-19
http://rhn.redhat.com/errata/RHSA-2016-2933.html
http://rhn.redhat.com/errata/RHSA-2016-2932.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/104823
https://security.netapp.com/advisory/ntap-20190416-0007/
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.apache.org/thread.html/[email protected]%3Ccommits.roller.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2020.html
Details
Source: MITRE
Published: 2017-03-15
Updated: 2021-08-04
Type: CWE-79
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:* versions from 1.10.0 to 1.11.4 (inclusive)
Configuration 2
OR
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 16.0 to 16.2 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 17.0 to 17.12.4 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 18.0 to 18.8.4 (inclusive)
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
Configuration 3
OR
Configuration 4
OR
Configuration 5
OR
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135585 | Oracle Database Server Multiple Vulnerabilities (Apr 2020 CPU) | Nessus | Databases | high |
| 130589 | Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2019 CPU) | Nessus | Misc. | high |
| 126915 | Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU) | Nessus | Misc. | critical |
| 98393 | jQuery UI < 1.12.0 Cross-Site Scripting | Web Application Scanning | Component Vulnerability | medium |
| 111213 | Oracle Primavera Unifier Multiple Vulnerabilities (July 2018 CPU) | Nessus | CGI abuses | medium |
| 96832 | Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19) | Nessus | Misc. | critical |
| 96337 | Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32) | Nessus | Misc. | critical |