CVE-2021-41182

CVSS v3.1 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.32% (71st)
Affected Products 37
Advisories 12

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2021-10-26 15:15:10
(2 years ago)
Updated Date
2023-08-31 03:15:12
(12 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Jqueryui Jquery Ui for Jquery prior 1.13.0 version cpe:2.3:a:jqueryui:jquery_ui::*:*:*:*:jquery < 1.13.0

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36

Configuration #3

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-
OR  
  Running on/with
  Netapp H700s cpe:2.3:h:netapp:h700s:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H300e Firmware cpe:2.3:o:netapp:h300e_firmware:-
OR  
  Running on/with
  Netapp H300e cpe:2.3:h:netapp:h300e:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H500e Firmware cpe:2.3:o:netapp:h500e_firmware:-
OR  
  Running on/with
  Netapp H500e cpe:2.3:h:netapp:h500e:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H700e Firmware cpe:2.3:o:netapp:h700e_firmware:-
OR  
  Running on/with
  Netapp H700e cpe:2.3:h:netapp:h700e:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-
OR  
  Running on/with
  Netapp H410s cpe:2.3:h:netapp:h410s:-

Configuration #9

AND
    CPE23 From Up To
OR  
  Netapp H410c Firmware cpe:2.3:o:netapp:h410c_firmware:-
OR  
  Running on/with
  Netapp H410c cpe:2.3:h:netapp:h410c:-

Configuration #10

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s cpe:2.3:h:netapp:h300s:-

Configuration #11

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #12

    CPE23 From Up To
  Drupal from 7.0 version and prior 7.86 version cpe:2.3:a:drupal:drupal >= 7.0 < 7.86

Configuration #13

    CPE23 From Up To
  Oracle Communications Interactive Session Recorder 6.4 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4
  Oracle Communications Operations Monitor 4.3 cpe:2.3:a:oracle:communications_operations_monitor:4.3
  Oracle Communications Operations Monitor 4.4 cpe:2.3:a:oracle:communications_operations_monitor:4.4
  Oracle Communications Operations Monitor 5.0 cpe:2.3:a:oracle:communications_operations_monitor:5.0
  Oracle Hospitality Suite8 from 8.11.0 version and 8.14.0 and prior versions cpe:2.3:a:oracle:hospitality_suite8 >= 8.11.0 <= 8.14.0
  Oracle Hospitality Suite8 8.10.2 cpe:2.3:a:oracle:hospitality_suite8:8.10.2
  Oracle Mysql Enterprise Monitor 8.0.29 and prior versions cpe:2.3:a:oracle:mysql_enterprise_monitor <= 8.0.29
  Oracle Primavera Unifier 17.7 cpe:2.3:a:oracle:primavera_unifier:17.7
  Oracle Primavera Unifier 17.8 cpe:2.3:a:oracle:primavera_unifier:17.8
  Oracle Primavera Unifier 17.9 cpe:2.3:a:oracle:primavera_unifier:17.9
  Oracle Primavera Unifier 17.10 cpe:2.3:a:oracle:primavera_unifier:17.10
  Oracle Primavera Unifier 17.11 cpe:2.3:a:oracle:primavera_unifier:17.11
  Oracle Primavera Unifier 17.12 cpe:2.3:a:oracle:primavera_unifier:17.12
  Oracle Primavera Unifier 18.8 cpe:2.3:a:oracle:primavera_unifier:18.8
  Oracle Primavera Unifier 19.12 cpe:2.3:a:oracle:primavera_unifier:19.12
  Oracle Primavera Unifier 20.12 cpe:2.3:a:oracle:primavera_unifier:20.12
  Oracle Primavera Unifier 21.12 cpe:2.3:a:oracle:primavera_unifier:21.12
  Oracle Weblogic Server 12.2.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
  Oracle Weblogic Server 12.2.1.4.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0
  Oracle Weblogic Server 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0

Configuration #14

    CPE23 From Up To
  Tenable.sc prior 5.21.0 version cpe:2.3:a:tenable:tenable.sc < 5.21.0

Configuration #15

    CPE23 From Up To
  Oracle Agile Plm 9.3.6 cpe:2.3:a:oracle:agile_plm:9.3.6
  Oracle Application Express prior 22.1.1 version cpe:2.3:a:oracle:application_express < 22.1.1
  Oracle Banking Platform 2.9.0 cpe:2.3:a:oracle:banking_platform:2.9.0
  Oracle Banking Platform 2.12.0 cpe:2.3:a:oracle:banking_platform:2.12.0
  Oracle Big Data Spatial And Graph prior 23.1 version cpe:2.3:a:oracle:big_data_spatial_and_graph < 23.1
  Oracle Big Data Spatial And Graph 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1
  Oracle Communications Interactive Session Recorder 6.4 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4
  Oracle Communications Operations Monitor 4.3 cpe:2.3:a:oracle:communications_operations_monitor:4.3
  Oracle Communications Operations Monitor 4.4 cpe:2.3:a:oracle:communications_operations_monitor:4.4
  Oracle Communications Operations Monitor 5.0 cpe:2.3:a:oracle:communications_operations_monitor:5.0
  Oracle Hospitality Inventory Management 9.1.0 cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0
  Oracle Hospitality Materials Control 18.1 cpe:2.3:a:oracle:hospitality_materials_control:18.1
  Oracle Hospitality Suite8 from 8.11.0 version and 8.14.0 and prior versions cpe:2.3:a:oracle:hospitality_suite8 >= 8.11.0 <= 8.14.0
  Oracle Hospitality Suite8 8.10.2 cpe:2.3:a:oracle:hospitality_suite8:8.10.2
  Oracle Jd Edwards Enterpriseone Tools 9.2.6.3 and prior versions cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools <= 9.2.6.3
  Oracle Peoplesoft Enterprise Peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
  Oracle Peoplesoft Enterprise Peopletools 8.59 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59
  Oracle Policy Automation from 12.2.0 version and 12.2.25 and prior versions cpe:2.3:a:oracle:policy_automation >= 12.2.0 <= 12.2.25
  Oracle Primavera Unifier from 17.7 version and 17.12 and prior versions cpe:2.3:a:oracle:primavera_unifier >= 17.7 <= 17.12
  Oracle Primavera Unifier 18.8 cpe:2.3:a:oracle:primavera_unifier:18.8
  Oracle Primavera Unifier 19.12 cpe:2.3:a:oracle:primavera_unifier:19.12
  Oracle Primavera Unifier 20.12 cpe:2.3:a:oracle:primavera_unifier:20.12
  Oracle Primavera Unifier 21.12 cpe:2.3:a:oracle:primavera_unifier:21.12
  Oracle Rest Data Services prior 22.1.1 version cpe:2.3:a:oracle:rest_data_services::*:*:*:- < 22.1.1
  Oracle Rest Data Services 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-
  Oracle Weblogic Server 12.2.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
  Oracle Weblogic Server 12.2.1.4.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0
  Oracle Weblogic Server 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0