jQuery UI – CVE-2021-41182


Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.

If the value of the "altField" option of the Datepicker widget is accepted from untrusted sources, untrusted code may be executed.
An attacker could abuse this to insert and execute code for their own purposes.


To fix this, update the jQuery UI version being used to 1.13.0 or higher.
Starting with that version, any string value passed to the "altField" option is treated as a CSS selector.

Another option is to not accept the value of the "altField" option from any untrusted sources.
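
Both mitigations can be enforced in application code. The following is an added example, not code from Kayran or the jQuery UI project: it flags a jQuery UI version string older than 1.13.0 and only lets an allowlisted id selector reach the "altField" option. The helper names, the allowlist entries and the sample inputs are assumptions made for illustration.

```javascript
// Added example: helper names and the allowlist are assumptions, not jQuery UI API.

// Fixed release named in the advisory above.
const FIXED_VERSION = [1, 13, 0];

// True when a jQuery UI version string (e.g. the value of $.ui.version) predates the fix.
function isVulnerableVersion(version) {
  const match = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(version));
  if (!match) return true; // unknown format: treat as unpatched
  const parts = [match[1], match[2], match[3] || "0"].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED_VERSION[i]) return parts[i] < FIXED_VERSION[i];
  }
  return false;
}

// Hypothetical allowlist of the alternate fields this application actually uses.
const ALLOWED_ALT_FIELDS = new Set(["#ship-date-iso", "#return-date-iso"]);

// Returns a selector that is safe to pass as altField, or null if the input is rejected.
function safeAltField(untrusted) {
  if (typeof untrusted !== "string") return null;
  const value = untrusted.trim();
  // Only a plain id selector is accepted; markup and compound selectors are not.
  if (!/^#[A-Za-z][A-Za-z0-9_-]*$/.test(value)) return null;
  return ALLOWED_ALT_FIELDS.has(value) ? value : null;
}

// Builds Datepicker options, leaving altField out when validation fails.
function datepickerOptions(untrustedAltField) {
  const options = { altFormat: "yy-mm-dd" };
  const altField = safeAltField(untrustedAltField);
  if (altField !== null) options.altField = altField;
  return options;
}
```

The object returned by `datepickerOptions` is what would be passed to `.datepicker()`; the validation is worth keeping after upgrading, since it also stops a request from pointing the alternate field at an arbitrary element.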



