jQuery UI – CVE-2016-7103

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to Cross-site scripting (XSS).
This can be done by abusing the closeText parameter. Also known as CVE-2016-7103.

By abusing the closeText parameter of the dialog function in jQuery UI, remote attackers can inject arbitrary web scripts or any HTML.

Recommendation

To fix CVE-2016-7103, update the version of the jQuery UI being used.
Make sure its version is 1.12.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 9000 vulnerabilities.Kayran’s mission is to make

Read More »

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »