jQuery UI – CVE-2021-41184

Description

Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.
This is caused by accepting the value of the ” of” option of the “.position()” utility.

Accepting the value of the ” of” option of the “.position()” utility from any untrusted sources could lead to untrusted code being executed. Also known as CVE-2021-41184.
An attacker could abuse this to insert and execute commands for his own purposes.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2021-41184, update the jQuery UI version being used to 1.13.0 or higher.
As of now, any string value passed to the of option is now being treated as a CSS selector.

Another option is to not accept the value of the ” of” option from any untrusted sources.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »