CVE-2016-7103

Current Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Basic Data

Published: March 15, 2017
Last Modified: June 15, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | Application | Jquery | Jquery Ui | * | * | * | * | * | * | * | * | 1.10.0, 1.11.4
    2.3 | Application | Jquery | Jquery Ui | 1.10.0 | beta1 | * | * | * | * | * | * |
    2.3 | Application | Jquery | Jquery Ui | 1.10.0 | rc1 | * | * | * | * | * | * |
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | Application | Oracle | Application Express | * | * | * | * | * | * | * | * | 19.1
    2.3 | Application | Oracle | Business Intelligence | 12.2.1.3.0 | * | * | * | enterprise | * | * | * |
    2.3 | Application | Oracle | Business Intelligence | 12.2.1.4.0 | * | * | * | enterprise | * | * | * |
    2.3 | Application | Oracle | Hospitality Cruise Fleet Management | 9.0.11 | * | * | * | * | * | * | * |
    2.3 | Application | Oracle | Primavera Unifier | * | * | * | * | * | * | * | * | 16.0, 16.2
    2.3 | Application | Oracle | Primavera Unifier | * | * | * | * | * | * | * | * | 17.0, 17.12.4
    2.3 | Application | Oracle | Primavera Unifier | * | * | * | * | * | * | * | * | 18.0, 18.8.4
    2.3 | Application | Oracle | Weblogic Server | 10.3.6.0.0 | * | * | * | * | * | * | * |
    2.3 | Application | Oracle | Weblogic Server | 12.1.3.0.0 | * | * | * | * | * | * | * |
    2.3 | Application | Oracle | Weblogic Server | 12.2.1.3.0 | * | * | * | * | * | * | * |
  • OR - Configuration 3
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | OS | Fedoraproject | Fedora | 30 | * | * | * | * | * | * | * |
  • OR - Configuration 4
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | Application | Netapp | Snapcenter | - | * | * | * | * | * | * | * |
  • OR - Configuration 5
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | Application | Redhat | Openstack | 7.0 | * | * | * | * | * | * | * |
    2.3 | Application | Redhat | Openstack | 8.0 | * | * | * | * | * | * | * |
    2.3 | Application | Redhat | Openstack | 9.0 | * | * | * | * | * | * | * |

Vulnerable Software List

Vendor | Product | Versions
Redhat | Openstack | 7.0, 8.0, 9.0
Oracle | Primavera Unifier | *
Oracle | Application Express | *
Oracle | Business Intelligence | 12.2.1.3.0, 12.2.1.4.0
Oracle | Weblogic Server | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
Oracle | Hospitality Cruise Fleet Management | 9.0.11
Netapp | Snapcenter | -
Jquery | Jquery Ui | *, 1.10.0
Fedoraproject | Fedora | 30

References

Name | URL | Source | Tags
RHSA-2016:2932 | http://rhn.redhat.com/errata/RHSA-2016-2932.html | REDHAT | Third Party Advisory
RHSA-2016:2933 | http://rhn.redhat.com/errata/RHSA-2016-2933.html | REDHAT | Third Party Advisory
RHSA-2017:0161 | http://rhn.redhat.com/errata/RHSA-2017-0161.html | REDHAT | Third Party Advisory, VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM | Third Party Advisory
104823 | http://www.securityfocus.com/bid/104823 | BID | Third Party Advisory, VDB Entry
https://github.com/jquery/api.jqueryui.com/issues/281 | https://github.com/jquery/api.jqueryui.com/issues/281 | CONFIRM | Exploit, Patch, Third Party Advisory
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 | https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 | CONFIRM | Patch, Third Party Advisory
https://jqueryui.com/changelog/1.12.0/ | https://jqueryui.com/changelog/1.12.0/ | CONFIRM | Release Notes, Vendor Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev | MLIST | Mailing List, Third Party Advisory
[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev | MLIST | Mailing List, Third Party Advisory
[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js | https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccom | MLIST | Mailing List, Third Party Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Ciss | MLIST | Mailing List, Third Party Advisory
[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 | https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccom | MLIST | Mailing List, Third Party Advisory
FEDORA-2019-a96124345a | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4U | FEDORA | Third Party Advisory
https://nodesecurity.io/advisories/127 | https://nodesecurity.io/advisories/127 | MISC | Third Party Advisory
https://security.netapp.com/advisory/ntap-20190416-0007/ | https://security.netapp.com/advisory/ntap-20190416-0007/ | CONFIRM | Third Party Advisory
N/A | https://www.oracle.com/security-alerts/cpuapr2020.html | N/A | Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC | Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | MISC | Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | MISC | Third Party Advisory
https://www.tenable.com/security/tns-2016-19 | https://www.tenable.com/security/tns-2016-19 | CONFIRM | Third Party Advisory