jQuery UI – CVE-2021-41182

Home » Blog » jQuery UI – CVE-2021-41182

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.

By accepting the value of the ” altField” option of the Datepicker widget from untrusted sources, untrusted codes may be executed.
An attacker could abuse this to insert and execute commands for his own purposes.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix this, update the jQuery UI version being used to 1.13.0 or higher.
As of now, any string value passed to the ” altField” option is now being treated as a CSS selector.

Another option is to not accept the value of the ” altField” option from any untrusted sources.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being

Cyberbullying – We Need to Talk About it

Disclaimer: We in Kayran do not support or encourage any forms or acts of Cyber-bullying. We do not intend to hurt or make fun of

Spywares – 007’ing Your Devices

We’ve talked about Malwares before. Let’s talk about one of the most dangerous types of malwares: Spywares. One of my favorite movie series is James

A funny word that is not funny – Proxy

We’ve talked about a lot of funny words in the past, and if you’re here, you must have heard the word Proxy at least twice,

The Risks in Web Applications and other scary things…

There are couple of things regarding Risks in Web-Based Applications that you should know, let’s talk about them. When crossing the street, we look at

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

WEB APPLICATION VULNERABILITY SCANNER