CVE-2016-7103 — MEDIUM (6.1)

Q: What is CVE-2016-7103?

CVE-2016-7103 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Q: How severe is CVE-2016-7103?

CVE-2016-7103 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-7103?

Check the references section above for vendor advisories and patch information. Affected products include: Jqueryui Jquery Ui, Oracle Application Express, Oracle Business Intelligence, Oracle Hospitality Cruise Fleet Management, Oracle Oss Support Tools.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jqueryui	Jquery Ui	>= 1.10.0, <= 1.11.4
Oracle	Application Express	< 19.1
Oracle	Business Intelligence	12.2.1.3.0
Oracle	Hospitality Cruise Fleet Management	9.0.11
Oracle	Oss Support Tools	< 2.12.42
Oracle	Primavera Unifier	>= 16.0, <= 16.2
Oracle	Siebel Ui Framework	<= 21.2
Oracle	Weblogic Server	10.3.6.0.0
Fedoraproject	Fedora	30
Netapp	Snapcenter	-
Redhat	Openstack	7.0
Juniper	Junos	21.2
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-79

References

http://rhn.redhat.com/errata/RHSA-2016-2932.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2933.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0161.htmlThird Party AdvisoryVDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatchThird Party Advisory
http://www.securityfocus.com/bid/104823Broken LinkThird Party AdvisoryVDB Entry
https://github.com/jquery/api.jqueryui.com/issues/281ExploitIssue TrackingPatch
https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10PatchThird Party Advisory
https://jqueryui.com/changelog/1.12.0/Release NotesVendor Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82eMailing ListThird Party Advisory
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12eMailing ListThird Party Advisory
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841Mailing ListThird Party Advisory
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28Mailing ListThird Party Advisory
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd9Mailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/01/msg00014.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing ListThird Party Advisory

FAQ

What is CVE-2016-7103?

CVE-2016-7103 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

How severe is CVE-2016-7103?

CVE-2016-7103 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7103?

Check the references section above for vendor advisories and patch information. Affected products include: Jqueryui Jquery Ui, Oracle Application Express, Oracle Business Intelligence, Oracle Hospitality Cruise Fleet Management, Oracle Oss Support Tools.