{ "schema_version": "1.4.0", "id": "GHSA-g8q2-24jh-5hpc", "modified": "2023-09-26T18:29:18Z", "published": "2018-07-27T14:47:52Z", "withdrawn": "2020-06-16T21:36:34Z", "aliases": [], "summary": "High severity vulnerability that affects jquery-ui", "details": "Withdrawn, accidental duplicate publish.\n\nCross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.", "severity": [], "affected": [ { "package": { "ecosystem": "npm", "name": "jquery-ui" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.12.0" } ] } ] }, { "package": { "ecosystem": "NuGet", "name": "jQuery.UI.Combined" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.12.0" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.webjars.npm:jquery-ui" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.12.0" } ] } ] }, { "package": { "ecosystem": "RubyGems", "name": "jquery-ui-rails" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "6.0.0" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7103" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-g8q2-24jh-5hpc" } ], "database_specific": { "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:36:34Z", "nvd_published_at": null } }