Search for vulnerabilities
Vulnerability details: VCID-6g3s-ygf3-73ch
Vulnerability ID VCID-6g3s-ygf3-73ch
Aliases CVE-2012-6662
GHSA-qqxp-xp9v-vvx6
Summary Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://bugs.jqueryui.com/ticket/8859
generic_textual MODERATE http://bugs.jqueryui.com/ticket/8861
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0442.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1462.html
epss 0.07349 https://api.first.org/data/v1/epss?cve=CVE-2012-6662
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/613
generic_textual MODERATE http://seclists.org/oss-sec/2014/q4/616
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
generic_textual MODERATE https://github.com/jquery/jquery
generic_textual MODERATE https://github.com/jquery/jquery/issues/2432
generic_textual MODERATE https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
generic_textual MODERATE https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-6662
Reference id Reference type URL
http://bugs.jqueryui.com/ticket/8859
http://bugs.jqueryui.com/ticket/8861
http://rhn.redhat.com/errata/RHSA-2015-0442.html
http://rhn.redhat.com/errata/RHSA-2015-1462.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6662.json
https://api.first.org/data/v1/epss?cve=CVE-2012-6662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6662
http://seclists.org/oss-sec/2014/q4/613
http://seclists.org/oss-sec/2014/q4/616
https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
https://github.com/jquery/jquery
https://github.com/jquery/jquery/issues/2432
https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
1166064 https://bugzilla.redhat.com/show_bug.cgi?id=1166064
CVE-2012-6662 https://nvd.nist.gov/vuln/detail/CVE-2012-6662
CVE-2012-6662.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml
GHSA-qqxp-xp9v-vvx6 https://github.com/advisories/GHSA-qqxp-xp9v-vvx6
RHSA-2015:0442 https://access.redhat.com/errata/RHSA-2015:0442
RHSA-2015:1462 https://access.redhat.com/errata/RHSA-2015:1462
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.91385
EPSS Score 0.07349
Published At Dec. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-12-19T17:28:18.736132+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 37.0.0