VulnerableCode Package Details - pkg:npm/jquery-ui@1.11.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-e9wq-mfzv-fyfr Aliases: GMS-2016-46	XSS in dialog closeText jQuery-UI has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog` function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.	1.12.0-beta.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.12.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v2wn-ca7g-uyar Aliases: CVE-2016-7103 GHSA-hpcf-8vf9-q4gj	XSS in dialog closeText jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog` function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.	1.12.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-e9wq-mfzv-fyfr
Aliases:
GMS-2016-46

XSS in dialog closeText jQuery-UI has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog` function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

1.12.0-beta.1
Affected by 6 other vulnerabilities.

1.12.0
Affected by 4 other vulnerabilities.

VCID-v2wn-ca7g-uyar
Aliases:
CVE-2016-7103
GHSA-hpcf-8vf9-q4gj

XSS in dialog closeText jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting (XSS) vulnerability in the `closeText` parameter of the `dialog` function. If your application passes user input to this parameter, it may be vulnerable to XSS via this attack vector.

1.12.0
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T09:21:34.592130+00:00	GitLab Importer	Affected by	VCID-e9wq-mfzv-fyfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ui/GMS-2016-46.yml	37.0.0
2025-07-31T07:58:28.840417+00:00	Npm Importer	Affected by	VCID-v2wn-ca7g-uyar	https://github.com/nodejs/security-wg/blob/main/vuln/npm/127.json	37.0.0

2025-07-31T09:21:34.592130+00:00

GitLab Importer

Affected by

VCID-e9wq-mfzv-fyfr

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/jquery-ui/GMS-2016-46.yml

37.0.0

2025-07-31T07:58:28.840417+00:00

Npm Importer

Affected by

VCID-v2wn-ca7g-uyar

https://github.com/nodejs/security-wg/blob/main/vuln/npm/127.json

37.0.0

purl	pkg:npm/jquery-ui@1.11.4
Tags	Ghost

Next non-vulnerable version	1.13.2
Latest non-vulnerable version	1.13.2
Risk	3.3