Search for packages
| purl | pkg:deb/debian/jqueryui@1.12.1%2Bdfsg-8%2Bdeb11u1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-btgv-ef3h-83d3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. |
CVE-2021-41182
GHSA-9gj3-hwp5-pmwc |
| VCID-gypk-ukbc-7qe3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. |
CVE-2021-41183
GHSA-j7qv-pgf6-hvh4 |
| VCID-sbmj-9trz-2ybf | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') jQuery-UI is the official jQuery user interface library.Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. |
CVE-2021-41184
GHSA-gpqq-952q-5327 |