Search for vulnerabilities
Vulnerability details: VCID-3v88-t4gx-wud6
Vulnerability ID VCID-3v88-t4gx-wud6
Aliases CVE-2012-6662
GHSA-qqxp-xp9v-vvx6
Summary Moderate severity vulnerability that affects jquery-ui Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://bugs.jqueryui.com/ticket/8859
generic_textual MODERATE http://bugs.jqueryui.com/ticket/8861
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0442.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1462.html
epss 0.02781 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.02781 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.02781 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06276 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06437 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06437 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
epss 0.06437 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/613
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/616
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
generic_textual MODERATE https://github.com/jquery/jquery
generic_textual MODERATE https://github.com/jquery/jquery/issues/2432
generic_textual MODERATE https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
generic_textual MODERATE https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-6662
Reference id Reference type URL
http://bugs.jqueryui.com/ticket/8859
http://bugs.jqueryui.com/ticket/8861
http://rhn.redhat.com/errata/RHSA-2015-0442.html
http://rhn.redhat.com/errata/RHSA-2015-1462.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6662.json
https://api.first.org/data/v1/epss?cve=CVE-2012-6662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6662
http://seclists.org/oss-sec/2014/q4/613
http://seclists.org/oss-sec/2014/q4/616
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
https://github.com/jquery/jquery
https://github.com/jquery/jquery/issues/2432
https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml
https://nvd.nist.gov/vuln/detail/CVE-2012-6662
1166064 https://bugzilla.redhat.com/show_bug.cgi?id=1166064
GHSA-qqxp-xp9v-vvx6 https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
RHSA-2015:0442 https://access.redhat.com/errata/RHSA-2015:0442
RHSA-2015:1462 https://access.redhat.com/errata/RHSA-2015:1462
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.85586
EPSS Score 0.02781
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:47.048224+00:00 Ruby Importer Import https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml 37.0.0