CVE-2021-41183

CVSS v3.1 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.36% (73rd)
Affected Products 36
Advisories 12

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
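The workaround described above, sketched as an added example (not code from jQuery UI or from this advisory): options from an untrusted source are merged over trusted defaults, and any key ending in "Text" is withheld while the loaded version is older than 1.13.0. The helper names and sample values are hypothetical; treating unparseable versions and 1.13.0 pre-releases as affected is a conservative assumption.

```javascript
// Added example: helper names are hypothetical, not jQuery UI APIs.
const FIXED_VERSION = [1, 13, 0]; // first fixed release, per the advisory

// True when a jQuery UI version string (for example the value of
// $.ui.version) is older than 1.13.0. Unparseable strings and 1.13.0
// pre-releases count as affected (conservative assumption).
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(String(version).trim());
  if (!m) return true;
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED_VERSION[i]) return core[i] < FIXED_VERSION[i];
  }
  return Boolean(m[4]); // same core as 1.13.0 but with a pre-release tag
}

// Merge untrusted Datepicker options over trusted defaults. On an affected
// version every *Text option from the untrusted side is withheld, so the
// trusted default (or the widget's built-in text) is used instead.
function buildDatepickerOptions(trustedDefaults, untrusted, uiVersion) {
  const options = { ...trustedDefaults };
  const rejected = [];
  const affected = isAffectedVersion(uiVersion);
  for (const [key, value] of Object.entries(untrusted)) {
    // "__proto__" is always refused so the merge cannot swap the prototype.
    if (key === "__proto__" || (affected && /Text$/.test(key))) {
      rejected.push(key);
    } else {
      options[key] = value;
    }
  }
  return { options, rejected };
}

// Constructed sample input standing in for configuration from an untrusted source.
const SAMPLE_DEFAULTS = { closeText: "Close", prevText: "Prev", nextText: "Next" };
const SAMPLE_UNTRUSTED = { dateFormat: "yy-mm-dd", closeText: "<b>Done</b>", prevText: "Earlier" };

function demo() {
  return {
    old: buildDatepickerOptions(SAMPLE_DEFAULTS, SAMPLE_UNTRUSTED, "1.12.1"),
    fixed: buildDatepickerOptions(SAMPLE_DEFAULTS, SAMPLE_UNTRUSTED, "1.13.0"),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

Logging the `rejected` list shows which callers still pass *Text values from untrusted input and need attention before or after the upgrade.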

Weaknesses: CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status: PUBLISHED
CNA: GitHub, Inc.
Published Date: 2021-10-26 15:15:10 (2 years ago)
Updated Date: 2023-08-31 03:15:13 (12 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Jqueryui Jquery Ui for Jquery prior 1.13.0 version cpe:2.3:a:jqueryui:jquery_ui::*:*:*:*:jquery < 1.13.0

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36

Configuration #3

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s cpe:2.3:h:netapp:h300s:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-
OR  
  Running on/with
  Netapp H700s cpe:2.3:h:netapp:h700s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H300e Firmware cpe:2.3:o:netapp:h300e_firmware:-
OR  
  Running on/with
  Netapp H300e cpe:2.3:h:netapp:h300e:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H500e Firmware cpe:2.3:o:netapp:h500e_firmware:-
OR  
  Running on/with
  Netapp H500e cpe:2.3:h:netapp:h500e:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp H700e Firmware cpe:2.3:o:netapp:h700e_firmware:-
OR  
  Running on/with
  Netapp H700e cpe:2.3:h:netapp:h700e:-

Configuration #9

AND
    CPE23 From Up To
OR  
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-
OR  
  Running on/with
  Netapp H410s cpe:2.3:h:netapp:h410s:-

Configuration #10

AND
    CPE23 From Up To
OR  
  Netapp H410c Firmware cpe:2.3:o:netapp:h410c_firmware:-
OR  
  Running on/with
  Netapp H410c cpe:2.3:h:netapp:h410c:-

Configuration #11

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #12

    CPE23 From Up To
  Drupal from 7.0 version and prior 7.86 version cpe:2.3:a:drupal:drupal >= 7.0 < 7.86
  Drupal from 9.2.0 version and prior 9.2.11 version cpe:2.3:a:drupal:drupal >= 9.2.0 < 9.2.11
  Drupal from 9.3.0 version and prior 9.3.3 version cpe:2.3:a:drupal:drupal >= 9.3.0 < 9.3.3

Configuration #13

    CPE23 From Up To
  Oracle Agile Plm 9.3.6 cpe:2.3:a:oracle:agile_plm:9.3.6
  Oracle Application Express prior 22.1.1 version cpe:2.3:a:oracle:application_express < 22.1.1
  Oracle Banking Platform 2.9.0 cpe:2.3:a:oracle:banking_platform:2.9.0
  Oracle Banking Platform 2.12.0 cpe:2.3:a:oracle:banking_platform:2.12.0
  Oracle Big Data Spatial And Graph prior 23.1 version cpe:2.3:a:oracle:big_data_spatial_and_graph < 23.1
  Oracle Big Data Spatial And Graph 23.1 cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1
  Oracle Communications Interactive Session Recorder 6.4 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4
  Oracle Communications Operations Monitor 4.3 cpe:2.3:a:oracle:communications_operations_monitor:4.3
  Oracle Communications Operations Monitor 4.4 cpe:2.3:a:oracle:communications_operations_monitor:4.4
  Oracle Communications Operations Monitor 5.0 cpe:2.3:a:oracle:communications_operations_monitor:5.0
  Oracle Hospitality Inventory Management 9.1.0 cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0
  Oracle Hospitality Suite8 from 8.11.0 version and 11.14.0 and prior versions cpe:2.3:a:oracle:hospitality_suite8 >= 8.11.0 <= 11.14.0
  Oracle Hospitality Suite8 8.10.2 cpe:2.3:a:oracle:hospitality_suite8:8.10.2
  Oracle Jd Edwards Enterpriseone Tools 9.2.6.3 and prior versions cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools <= 9.2.6.3
  Oracle Mysql Enterprise Monitor 8.0.29 and prior versions cpe:2.3:a:oracle:mysql_enterprise_monitor <= 8.0.29
  Oracle Peoplesoft Enterprise Peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
  Oracle Peoplesoft Enterprise Peopletools 8.59 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59
  Oracle Policy Automation from 12.2.0 version and 12.2.5 and prior versions cpe:2.3:a:oracle:policy_automation >= 12.2.0 <= 12.2.5
  Oracle Primavera Gateway from 17.7 version and 17.12 and prior versions cpe:2.3:a:oracle:primavera_gateway >= 17.7 <= 17.12
  Oracle Primavera Gateway 18.8.0 cpe:2.3:a:oracle:primavera_gateway:18.8.0
  Oracle Primavera Gateway 19.12.0 cpe:2.3:a:oracle:primavera_gateway:19.12.0
  Oracle Primavera Gateway 20.12.0 cpe:2.3:a:oracle:primavera_gateway:20.12.0
  Oracle Primavera Gateway 21.12.0 cpe:2.3:a:oracle:primavera_gateway:21.12.0
  Oracle Rest Data Services prior 22.1.1 version cpe:2.3:a:oracle:rest_data_services::*:*:*:- < 22.1.1
  Oracle Rest Data Services 22.1.1 cpe:2.3:a:oracle:rest_data_services:22.1.1:*:*:*:-
  Oracle Weblogic Server 12.2.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0
  Oracle Weblogic Server 12.2.1.4.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0
  Oracle Weblogic Server 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0

Configuration #14

    CPE23 From Up To
  Tenable.sc prior 5.21.0 version cpe:2.3:a:tenable:tenable.sc < 5.21.0