CVE-2010-5312 — MEDIUM (6.1)

Q: What is CVE-2010-5312?

CVE-2010-5312 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Q: How severe is CVE-2010-5312?

CVE-2010-5312 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-5312?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Jqueryui Jquery Ui, Fedoraproject Fedora, Netapp Snapcenter, Apache Drill.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	7.0
Jqueryui	Jquery Ui	< 1.10.0
Fedoraproject	Fedora	35
Netapp	Snapcenter	-
Apache	Drill	1.16.0
Drupal	Drupal	>= 7.0, < 7.86

Related Weaknesses (CWE)

CWE-79

References

http://bugs.jqueryui.com/ticket/6016ExploitVendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0442.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1462.htmlThird Party Advisory
http://seclists.org/oss-sec/2014/q4/613Mailing ListThird Party Advisory
http://seclists.org/oss-sec/2014/q4/616Mailing ListThird Party Advisory
http://www.debian.org/security/2015/dsa-3249Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/71106Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037035Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696Third Party AdvisoryVDB Entry
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231bVendor Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82eMailing ListThird Party Advisory
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12eMailing ListThird Party Advisory
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2010-5312?

CVE-2010-5312 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

How severe is CVE-2010-5312?

CVE-2010-5312 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-5312?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Jqueryui Jquery Ui, Fedoraproject Fedora, Netapp Snapcenter, Apache Drill.