XSS in Jqueryui Jquery_ui
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which i…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.070 (91.7th percentile) — read the EPSS interpretation.
Affected products
- Jqueryui Jquery_ui — versions 1.10.0
- Redhat Enterprise_linux_desktop — versions 7.0
- Redhat Enterprise_linux_hpc_node — versions 7.0
- Redhat Enterprise_linux_server — versions 7.0
- Redhat Enterprise_linux_workstation — versions 7.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_MISC)
- RHSA-2015:0442 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- jqueryui-cve20126662-xss(98697) (vdb-entry, x_refsource_XF)
- [oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 (mailing-list, x_refsource_MLIST, Third Party Advisory, VDB Entry)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- RHSA-2015:1462 (x_refsource_REDHAT, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- 71107 (vdb-entry, x_refsource_BID)
- [oss-security] 20141114 old CVE assignments for JQuery 1.10.0 (mailing-list, x_refsource_MLIST, Third Party Advisory, VDB Entry)
Frequently asked questions
- What is CVE-2012-6662?
- CVE-2012-6662 is a vulnerability in Jqueryui Jquery_ui, classified under Cross-site Scripting. Published 2014-11-24.
- Is CVE-2012-6662 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.