jQuery UI – CVE-2021-41183

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting (XSS).
The issue can be triggered through the Datepicker widget's "*Text" options.

If the value of a "*Text" option of the Datepicker widget is accepted from an untrusted source, it is rendered as markup rather than as plain text, so untrusted code may be executed in the page. This issue is also known as CVE-2021-41183.

An attacker could abuse this to inject and execute script of their own choosing in the context of the affected page.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2021-41183, update the jQuery UI version being used to 1.13.0 or higher.
From version 1.13.0 onward, any string value passed to a "*Text" option is treated as plain text rather than as markup.

Another option is to not accept the value of any "*Text" option from untrusted sources.
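The following is an added example written for this page; it is not code from jQuery UI or from the original advisory. It shows both recommendations in working form: a version check that tells whether the running jQuery UI already treats "*Text" options as plain text (1.13.0 or higher), and, for deployments that cannot upgrade yet, a wrapper that HTML-escapes every string option whose name ends in "Text" before the options object reaches the Datepicker. The option-name pattern `/Text$/`, the helper names and the sample options are assumptions made for the example; on 1.13.0+ the wrapper deliberately passes values through untouched, because escaping them there would display literal `&lt;` in the widget.

```javascript
// Added example (not jQuery UI's own code): hardening a Datepicker
// configuration whose "*Text" option values come from an untrusted source,
// for deployments still running jQuery UI older than 1.13.0.

// Assumption: every Datepicker option whose name ends in "Text" is one of the
// options that older versions inserted into the widget markup unescaped.
const TEXT_OPTION_RE = /Text$/;

// Minimal HTML escaping: neutralises the characters that can open a tag or
// break out of an attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Returns true when the given jQuery UI version (e.g. the value of
// $.ui.version) is 1.13.0 or higher, i.e. *Text options are already rendered
// as plain text by the library itself.
function datepickerTreatsTextAsPlain(version) {
  const parts = String(version).split(".").map((p) => parseInt(p, 10) || 0);
  const [major = 0, minor = 0, patch = 0] = parts;
  if (major !== 1) return major > 1;
  if (minor !== 13) return minor > 13;
  return patch >= 0;
}

// Returns a copy of `options` in which every string-valued *Text option has
// been HTML-escaped when the running jQuery UI is older than 1.13.0. On
// 1.13.0+ the values are returned unchanged, since the library now treats
// them as text and escaping would show the entities literally.
function sanitizeDatepickerOptions(options, uiVersion) {
  if (datepickerTreatsTextAsPlain(uiVersion)) return { ...options };
  const safe = {};
  for (const [key, value] of Object.entries(options)) {
    safe[key] = TEXT_OPTION_RE.test(key) && typeof value === "string"
      ? escapeHtml(value)
      : value;
  }
  return safe;
}

// Constructed sample: a closeText value that arrived from an untrusted
// request parameter and carries markup, next to ordinary options.
const untrustedOptions = {
  closeText: '<b title="x">Close</b>',
  prevText: "Prev",
  dateFormat: "yy-mm-dd",
};

// Usage in a page (assumed: jQuery and jQuery UI are already loaded):
//   $("#date").datepicker(sanitizeDatepickerOptions(untrustedOptions, $.ui.version));
```

Note that escaping is only a stop-gap for the second recommendation; the escaped string is still displayed verbatim in the widget, so a review of where such values originate is still worthwhile, and upgrading to 1.13.0 or higher remains the actual fix.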

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

https://cwe.mitre.org/data/definitions/79.html
