Name | CVE-2010-5312 |
Description | Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-258-1, DLA-2889-1, DSA-3249-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
jqueryui (PTS) | bullseye | 1.12.1+dfsg-8+deb11u2 | fixed |
| sid, trixie, bookworm | 1.13.2+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
http://bugs.jqueryui.com/ticket/6016
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
https://www.drupal.org/sa-core-2022-002