jQuery UI - CVE-2021-41183

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.
This can be done by abusing the ” *Text” options.

By accepting the value of the ” *Text” option of the Datepicker widget from untrusted sources, untrusted codes may be executed. Also known as CVE-2021-41183.

An attacker could abuse this to insert and execute commands for his own purposes.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

A leaking faucet – Data Leaks\Breaches

Imagine you’re running a 400 million dollar company, you got the company’s car, insurance and maybe even dental care! Now imagine that all the information

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being

Hackers hat shop – The many types of hackers

In our world there are many types of people, people that we trust, those who cannot be trusted, liars, suspicious types, amateur and “Noobs” as

Cyberbullying – We Need to Talk About it

Disclaimer: We in Kayran do not support or encourage any forms or acts of Cyber-bullying. We do not intend to hurt or make fun of

jQuery UI – CVE-2021-41183

Description

Severity/Score

Recommendation

References