CVE-2016-7103 (Medium) detected in multiple libraries #3

mend-bolt-for-github · 2019-10-31T22:47:32Z

CVE-2016-7103 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-ui-1.8.24.min.js, jquery.ui.combined.1.10.3.nupkg, jquery-ui-1.10.3.js

jquery-ui-1.8.24.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.8.24/jquery-ui.min.js

Path to vulnerable library: /QuizAppUI/QuizApp/QuizApp.UI/Scripts/jquery-ui-1.8.24.min.js

Dependency Hierarchy:

❌ jquery-ui-1.8.24.min.js (Vulnerable Library)

jquery.ui.combined.1.10.3.nupkg

jQuery UI is an open source library of interface components — interactions, full-featured widgets, a...

Library home page: https://api.nuget.org/packages/jquery.ui.combined.1.10.3.nupkg

Path to vulnerable library: /QuizAppUI/QuizApp/packages/jQuery.UI.Combined.1.10.3/jQuery.UI.Combined.1.10.3.nupkg

Dependency Hierarchy:

❌ jquery.ui.combined.1.10.3.nupkg (Vulnerable Library)

jquery-ui-1.10.3.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.10.3/jquery-ui.js

Path to vulnerable library: /QuizAppUI/QuizApp/packages/jQuery.UI.Combined.1.10.3/Content/Scripts/jquery-ui-1.10.3.js,/QuizAppUI/QuizApp/QuizApp.UI/Scripts/jquery-ui-1.10.3.js

Dependency Hierarchy:

❌ jquery-ui-1.10.3.js (Vulnerable Library)

Found in HEAD commit: d37d24b63bfa9b2f3f9b85cb0e4758109d7acea8

Vulnerability Details

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Publish Date: 2017-03-15

URL: CVE-2016-7103

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-7103

Release Date: 2017-03-15

Fix Resolution: 1.12.0

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 31, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2016-7103 (Medium) detected in multiple libraries #3

CVE-2016-7103 (Medium) detected in multiple libraries #3

mend-bolt-for-github bot commented Oct 31, 2019

CVE-2016-7103 (Medium) detected in multiple libraries #3

CVE-2016-7103 (Medium) detected in multiple libraries #3

Comments

mend-bolt-for-github bot commented Oct 31, 2019

CVE-2016-7103 - Medium Severity Vulnerability