jQuery UI – CVE-2021-41182


Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.

If the value of the "altField" option of the Datepicker widget is accepted from untrusted sources, untrusted code may be executed.
An attacker could abuse this to insert and execute code for their own purposes.


CVSS Version 3.x – 6.1 Medium


To fix this, update the jQuery UI version being used to 1.13.0 or higher.
From that version on, any string value passed to the "altField" option is treated as a CSS selector.

Another option is to not accept the value of the "altField" option from any untrusted sources.
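
The two remediations above, sketched as an added example (not code from this advisory or from jQuery UI): a version check against 1.13.0, and an allowlist that keeps untrusted input out of "altField". The function names, the `alt` query parameter and the element ids `date` and `altDate` are assumptions made for illustration.

```javascript
// Added example; helper names, ids and the "alt" parameter are hypothetical.
const FIXED_VERSION = [1, 13, 0]; // first fixed release named in the advisory

// True when a jQuery UI version string (e.g. $.ui.version) is below 1.13.0.
// Missing or unparseable parts count as 0, so unknown versions fail closed.
function isVulnerableJQueryUI(version) {
  const parts = String(version).split(".").map((p) => parseInt(p, 10));
  for (let i = 0; i < 3; i++) {
    const have = Number.isInteger(parts[i]) ? parts[i] : 0;
    if (have !== FIXED_VERSION[i]) return have < FIXED_VERSION[i];
  }
  return false;
}

// Map an untrusted value (query parameter, stored setting, ...) to an
// altField selector. Only ids on the page's own allowlist are accepted;
// anything else yields null so the caller leaves the option unset.
function resolveAltField(untrusted, allowedIds) {
  if (typeof untrusted !== "string") return null;
  const id = untrusted.trim().replace(/^#/, "");
  if (!/^[A-Za-z][A-Za-z0-9_-]*$/.test(id)) return null;
  return allowedIds.includes(id) ? "#" + id : null;
}

// Build Datepicker options; altField is only ever set from the allowlist.
function datepickerOptions(untrustedAltField, allowedIds) {
  const options = { dateFormat: "yy-mm-dd" };
  const altField = resolveAltField(untrustedAltField, allowedIds);
  if (altField !== null) options.altField = altField;
  return options;
}

// Browser usage; skipped when jQuery UI is not loaded (e.g. under Node).
if (typeof jQuery !== "undefined" && jQuery.ui) {
  if (isVulnerableJQueryUI(jQuery.ui.version)) {
    console.warn("jQuery UI " + jQuery.ui.version + " is below 1.13.0");
  }
  const requested = new URLSearchParams(location.search).get("alt");
  jQuery("#date").datepicker(datepickerOptions(requested, ["altDate"]));
}
```

The allowlist remains useful after upgrading, because it also stops untrusted input from pointing "altField" at an arbitrary element on the page.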



