Upstream information
Description
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Liberty Linux 7 |
| Patchnames: RHSA-2015:0442 |
SUSE Timeline for this CVE
CVE page created: Thu Nov 20 13:31:21 2014CVE page last modified: Mon Oct 30 17:13:36 2023