CVE-2016-7103

MEDIUM

Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

References

http://rhn.redhat.com/errata/RHSA-2016-2932.html

http://rhn.redhat.com/errata/RHSA-2016-2933.html

http://rhn.redhat.com/errata/RHSA-2017-0161.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/104823

https://github.com/jquery/api.jqueryui.com/issues/281

https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6

https://jqueryui.com/changelog/1.12.0/

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.roller.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/

https://nodesecurity.io/advisories/127

https://security.netapp.com/advisory/ntap-20190416-0007/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://www.tenable.com/security/tns-2016-19

Details

Source: MITRE

Published: 2017-03-15

Updated: 2020-06-15

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:* versions from 1.10.0 to 1.11.4 (inclusive)

cpe:2.3:a:jquery:jquery_ui:1.10.0:beta1:*:*:*:*:*:*

cpe:2.3:a:jquery:jquery_ui:1.10.0:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 16.0 to 16.2 (inclusive)

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 17.0 to 17.12.4 (inclusive)

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from 18.0 to 18.8.4 (inclusive)

cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
135585Oracle Database Server Multiple Vulnerabilities (Apr 2020 CPU)NessusDatabases
high
130589Oracle Business Intelligence Publisher Multiple Vulnerabilities (Oct 2019 CPU)NessusMisc.
medium
126915Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)NessusMisc.
high
98393jQuery UI < 1.12.0 Cross-Site ScriptingWeb Application ScanningComponent Vulnerability
medium
111213Oracle Primavera Unifier Multiple Vulnerabilities (July 2018 CPU)NessusCGI abuses
medium
96832Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)NessusMisc.
high
96337Tenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)NessusMisc.
critical