Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xz96-yvnu-vyad

Summary

XSS in dialog closeText
jQuery-UI has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog` function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

Aliases

alias	GMS-2016-46

Fixed_packages

url pkg:npm/jquery-ui@1.12.0-beta.1

purl pkg:npm/jquery-ui@1.12.0-beta.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-btgv-ef3h-83d3

vulnerability	VCID-ctcx-2x3h-7uhc

vulnerability	VCID-gypk-ukbc-7qe3

vulnerability	VCID-kuee-hxg5-qqgt

vulnerability	VCID-qrwm-a44w-yfge

vulnerability	VCID-sbmj-9trz-2ybf

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ui@1.12.0-beta.1

url pkg:npm/jquery-ui@1.12.0

purl pkg:npm/jquery-ui@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-btgv-ef3h-83d3

vulnerability	VCID-gypk-ukbc-7qe3

vulnerability	VCID-kuee-hxg5-qqgt

vulnerability	VCID-sbmj-9trz-2ybf

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ui@1.12.0

Affected_packages

url pkg:npm/jquery-ui@1.10.4

purl pkg:npm/jquery-ui@1.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-btgv-ef3h-83d3

vulnerability	VCID-ctcx-2x3h-7uhc

vulnerability	VCID-gypk-ukbc-7qe3

vulnerability	VCID-kuee-hxg5-qqgt

vulnerability	VCID-qrwm-a44w-yfge

vulnerability	VCID-sbmj-9trz-2ybf

vulnerability	VCID-xz96-yvnu-vyad

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ui@1.10.4

url pkg:npm/jquery-ui@1.10.5

purl pkg:npm/jquery-ui@1.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-btgv-ef3h-83d3

vulnerability	VCID-ctcx-2x3h-7uhc

vulnerability	VCID-gypk-ukbc-7qe3

vulnerability	VCID-kuee-hxg5-qqgt

vulnerability	VCID-qrwm-a44w-yfge

vulnerability	VCID-sbmj-9trz-2ybf

vulnerability	VCID-xz96-yvnu-vyad

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ui@1.10.5

url pkg:npm/jquery-ui@1.11.4

purl pkg:npm/jquery-ui@1.11.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ctcx-2x3h-7uhc

vulnerability	VCID-xz96-yvnu-vyad

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/jquery-ui@1.11.4

References

reference_url	https://github.com/jquery/jquery-ui/pull/1622
reference_id
reference_type
scores
url	https://github.com/jquery/jquery-ui/pull/1622

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xz96-yvnu-vyad

Vulnerability Instance