jQuery UI – CVE-2021-41182

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.

If the value of the "altField" option of the Datepicker widget is accepted from an untrusted source, untrusted code may be executed.
An attacker could abuse this to inject and execute script of their own choosing.

Recommendation

To fix this, update the jQuery UI version being used to 1.13.0 or higher.
As of that version, any string value passed to the "altField" option is treated as a CSS selector.

Another option is to not accept the value of the "altField" option from any untrusted source.
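The following is an added example, not code from the original page or from the jQuery UI project. It shows the second recommendation in practice: an untrusted value (assumed here to come from a URL parameter) is only passed to the Datepicker's "altField" option when it is a simple id or class selector, so markup never reaches the widget on versions before 1.13.0. The helper names and the allow-list pattern are assumptions.

```javascript
// Added example, not from the original page or the jQuery UI project.
// Defensive handling of the jQuery UI Datepicker "altField" option when its
// value comes from an untrusted source (e.g. a query-string parameter).
// Assumption: altField only ever needs to name a simple id or class selector.

// Allow-list: "#id" or ".class" built from CSS identifier characters only.
const SIMPLE_SELECTOR = /^[#.][A-Za-z_][A-Za-z0-9_-]*$/;

// Returns the value unchanged if it is a simple selector, otherwise null.
// Anything that looks like markup (contains "<") never passes, so it can
// never reach the widget as an HTML string on versions before 1.13.0.
function normalizeAltField(untrusted) {
  if (typeof untrusted !== 'string') return null;
  const value = untrusted.trim();
  return SIMPLE_SELECTOR.test(value) ? value : null;
}

// Builds the options object for $(el).datepicker(...). When the supplied
// altField value is rejected, the option is omitted, so the widget runs
// without an alternate field rather than with an unsafe one.
function datepickerOptions(untrustedAltField, base = {}) {
  const altField = normalizeAltField(untrustedAltField);
  return altField === null ? { ...base } : { ...base, altField };
}

// Constructed sample inputs standing in for values read from a URL.
const SAMPLES = {
  ok: '#alt-date',
  okClass: '.alt-date',
  markup: '<b>not a selector</b>',  // markup-like string, rejected
  descendant: 'form input',         // valid CSS, but outside the allow-list
};

// Browser usage (not executed here), assuming jQuery and jQuery UI are loaded:
//   const param = new URLSearchParams(location.search).get('alt');
//   $('#date').datepicker(datepickerOptions(param, { dateFormat: 'yy-mm-dd' }));
```

On 1.13.0 or later the same string is resolved as a selector by the widget itself; the allow-list still limits which fields an untrusted value can point at.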

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

https://cwe.mitre.org/data/definitions/79.html
