[MAVEN:GHSA-GPQQ-952Q-5327] XSS in the `of` option of the `.position()` util in jquery-ui
Severity: Moderate
Affected Packages: 4
Fixed Packages: 4
CVEs: 1
Impact
Accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. For example, invoking the following code:

```js
$( "#element" ).position( {
  my: "left top",
  at: "right bottom",
  of: "<img onerror='doEvilThing()' src='/404' />",
  collision: "none"
} );
```

will call the `doEvilThing()` function.
Patches
The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector.
Workarounds
A workaround is to not accept the value of the `of` option from untrusted sources.
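The following is an added example written for this page; it is not jQuery UI's code or part of the advisory. It models, without jQuery loaded, why a string `of` value was dangerous before 1.13.0 and what the Patches and Workarounds sections above amount to in code: `jqueryWouldParseAsHtml` reproduces the shape test that decides whether `$(string)` builds DOM nodes or runs a selector (the regex is patterned on jQuery core's quick-match expression; treat its exact form as an assumption of this example), `resolveOfTarget` contrasts the pre-1.13.0 path with the "strings are always selectors" behaviour the advisory describes, and `validateOfOption` is a boundary check an application can apply while still on an affected version. The `find` callback and all sample strings are constructed stand-ins.

```javascript
// Added example, not jQuery UI's own code.
// jQuery's $(string) parses the string as markup when it starts with "<" and
// ends with ">" (length >= 3), or when it matches the quick-match expression
// below with the markup group set; any other string is run as a selector.
// Pattern modelled on jQuery core's rquickExpr (assumption: exact pattern may
// differ slightly between jQuery versions).
const QUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// True when jQuery would turn `value` into DOM nodes instead of querying it.
// Note the two cases a naive "starts with <" check misses: leading whitespace
// and trailing text after the closing ">".
function jqueryWouldParseAsHtml(value) {
  if (typeof value !== "string") return false;
  if (value.length >= 3 && value[0] === "<" && value[value.length - 1] === ">") {
    return true;
  }
  const match = QUICK_EXPR.exec(value);
  return Boolean(match && match[1]);
}

// Contrast of the two behaviours. `find` stands in for a selector lookup such
// as $(document).find(sel) and is injected so the example runs outside a
// browser. With treatStringsAsSelectors = false (pre-1.13.0, simplified) a
// markup-shaped string is handed to the HTML parser; with it true (1.13.0
// behaviour as described in the advisory) every string goes to `find`.
function resolveOfTarget(value, find, { treatStringsAsSelectors }) {
  if (typeof value !== "string") return { kind: "reference", target: value };
  if (!treatStringsAsSelectors && jqueryWouldParseAsHtml(value)) {
    return { kind: "markup", target: value }; // would become live DOM nodes
  }
  return { kind: "selector", target: find(value) };
}

// Boundary check for an application still on an affected version: element
// references pass through, strings are accepted only when jQuery would treat
// them as a selector, and anything that would be parsed as markup is rejected.
function validateOfOption(value) {
  if (typeof value !== "string") return { ok: true, kind: "reference" };
  if (jqueryWouldParseAsHtml(value)) return { ok: false, reason: "markup" };
  return { ok: true, kind: "selector" };
}

// Constructed sample inputs (the second is the advisory's own payload).
const SAMPLES = [
  "#element",
  "<img onerror='doEvilThing()' src='/404' />",
  "  <img src='/404' onerror='doEvilThing()'>", // leading whitespace
  "<b>x</b> trailing text",                    // trailing text after ">"
  "div > p",                                   // ">" inside a selector is fine
];

// Returns [value, accepted] pairs for a list of candidate `of` values.
function classifyAll(values) {
  return values.map((v) => [v, validateOfOption(v).ok]);
}

for (const [value, accepted] of classifyAll(SAMPLES)) {
  console.log(accepted ? "accept" : "reject", JSON.stringify(value));
}
```

In a real page the 1.13.0 path fails closed for markup-shaped input: a string such as the advisory's `<img ...>` is not a valid CSS selector, so the lookup raises a selector syntax error instead of creating an element whose `onerror` handler runs.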
For more information
If you have any questions or comments about this advisory, search for a relevant issue in the jQuery UI repo. If you don't find an answer, open a new issue.
Package | Affected Version |
---|---|
pkg:maven/org.webjars.npm/jquery-ui | < 1.13.0 |
pkg:maven/jQuery.UI.Combined | < 1.13.0 |
pkg:maven/jquery-ui-rails | < 7.0.0 |
pkg:maven/jquery-ui | < 1.13.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.webjars.npm/jquery-ui | = 1.13.0 |
pkg:maven/jQuery.UI.Combined | = 1.13.0 |
pkg:maven/jquery-ui-rails | = 7.0.0 |
pkg:maven/jquery-ui | = 1.13.0 |
- ID: MAVEN:GHSA-GPQQ-952Q-5327
- Severity: moderate
- URL: https://github.com/advisories/GHSA-gpqq-952q-5327
- Published: 2021-10-26T14:55:12
- Modified: 2023-10-05T05:03:48
- Rights: Maven Security Team
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.webjars.npm/jquery-ui | org.webjars.npm | jquery-ui | < 1.13.0 | | | |
Fixed | pkg:maven/org.webjars.npm/jquery-ui | org.webjars.npm | jquery-ui | = 1.13.0 | | | |
Affected | pkg:maven/jQuery.UI.Combined | | jQuery.UI.Combined | < 1.13.0 | | | |
Fixed | pkg:maven/jQuery.UI.Combined | | jQuery.UI.Combined | = 1.13.0 | | | |
Affected | pkg:maven/jquery-ui-rails | | jquery-ui-rails | < 7.0.0 | | | |
Fixed | pkg:maven/jquery-ui-rails | | jquery-ui-rails | = 7.0.0 | | | |
Affected | pkg:maven/jquery-ui | | jquery-ui | < 1.13.0 | | | |
Fixed | pkg:maven/jquery-ui | | jquery-ui | = 1.13.0 | | | |