Vulnerability Description
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Hpc Node | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Jqueryui | Jquery Ui | 1.10.0 |
Related Weaknesses (CWE)
References
- http://bugs.jqueryui.com/ticket/8859Issue TrackingVendor Advisory
- http://bugs.jqueryui.com/ticket/8861Issue TrackingVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0442.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
- http://seclists.org/oss-sec/2014/q4/613Third Party AdvisoryVDB Entry
- http://seclists.org/oss-sec/2014/q4/616Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/71107
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
- https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0eIssue TrackingPatchThird Party Advisory
- https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96Issue TrackingPatchThird Party Advisory
- https://github.com/jquery/jquery/issues/2432
- http://bugs.jqueryui.com/ticket/8859Issue TrackingVendor Advisory
- http://bugs.jqueryui.com/ticket/8861Issue TrackingVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0442.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
FAQ
What is CVE-2012-6662?
CVE-2012-6662 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script o...
How severe is CVE-2012-6662?
CVE-2012-6662 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6662?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Jqueryui Jquery Ui.