BIT-drupal-2021-41182

Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2021-41182.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-drupal-2021-41182
Aliases
Published
2024-03-06T10:54:54.794Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Fixed
7.86.0