Description
Vulnerable Package issue exists @ Npm-jquery-ui-1.10.4 in branch main
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0-alpha.1, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0-alpha.1. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 15076145-61a1-4d21-a896-a138ffd875d6
Branch: main
Application: Java-Webgoat
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-79
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 1.13.0