[Bug 1166041] CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

bugzilla at redhat.com bugzilla at redhat.com
Fri Nov 21 09:42:41 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1166041

Vasyl Kaigorodov <vkaigoro at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=moderate,public=2010 |impact=moderate,public=2010
                   |0903,reported=20141120,sour |0903,reported=20141120,sour
                   |ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
                   |AC:M/Au:N/C:N/I:P/A:N,fedor |AC:M/Au:N/C:N/I:P/A:N,fedor
                   |a-all/asterisk-gui=affected |a-all/asterisk-gui=affected
                   |,fedora-all/beacon=affected |,fedora-all/beacon=affected
                   |,fedora-all/blender=affecte |,fedora-all/blender=affecte
                   |d,fedora-all/bodhi=affected |d,fedora-all/bodhi=affected
                   |,fedora-all/cacti=affected, |,fedora-all/cacti=affected,
                   |fedora-all/calibre=affected |fedora-all/calibre=affected
                   |,fedora-all/cinnamon=notaff |,fedora-all/cinnamon=notaff
                   |ected,fedora-all/ckeditor=a |ected,fedora-all/ckeditor=a
                   |ffected,fedora-all/cobbler= |ffected,fedora-all/cobbler=
                   |affected,fedora-all/couchdb |affected,fedora-all/couchdb
                   |=affected,fedora-all/cumin= |=affected,fedora-all/cumin=
                   |affected,fedora-all/django- |affected,fedora-all/django-
                   |typepad=affected,fedora-all |typepad=affected,fedora-all
                   |/dl=affected,fedora-all/dok |/dl=affected,fedora-all/dok
                   |uwiki=affected,fedora-all/d |uwiki=affected,fedora-all/d
                   |rupal6=affected,fedora-all/ |rupal6=affected,fedora-all/
                   |drupal7=affected,fedora-all |drupal7=affected,fedora-all
                   |/drupal7-jquery_update=affe |/drupal7-jquery_update=affe
                   |cted,fedora-all/fish=affect |cted,fedora-all/fish=affect
                   |ed,fedora-all/fityk=notaffe |ed,fedora-all/fityk=notaffe
                   |cted,fedora-all/freeipa=aff |cted,fedora-all/freeipa=aff
                   |ected,fedora-all/gallery3=a |ected,fedora-all/gallery3=a
                   |ffected,fedora-all/global=a |ffected,fedora-all/global=a
                   |ffected,fedora-all/graphite |ffected,fedora-all/graphite
                   |-web=affected,fedora-all/ho |-web=affected,fedora-all/ho
                   |tot=affected,fedora-all/iki |tot=affected,fedora-all/iki
                   |wiki=affected,fedora-all/li |wiki=affected,fedora-all/li
                   |bgda=affected,fedora-all/me |bgda=affected,fedora-all/me
                   |diawiki=affected,fedora-all |diawiki=affected,fedora-all
                   |/mojomojo=affected,fedora-a |/mojomojo=affected,fedora-a
                   |ll/nodejs-should=affected,f |ll/nodejs-should=affected,f
                   |edora-all/OpenLP=affected,f |edora-all/OpenLP=affected,f
                   |edora-all/openslides=affect |edora-all/openslides=affect
                   |ed,fedora-all/openteacher=a |ed,fedora-all/openteacher=a
                   |ffected,fedora-all/orbited= |ffected,fedora-all/orbited=
                   |affected,fedora-all/perl-Mo |affected,fedora-all/perl-Mo
                   |jolicious=affected,fedora-a |jolicious=affected,fedora-a
                   |ll/phpPgAdmin=affected,fedo |ll/phpPgAdmin=affected,fedo
                   |ra-all/python-backlash=affe |ra-all/python-backlash=affe
                   |cted,fedora-all/python-djan |cted,fedora-all/python-djan
                   |go=affected,fedora-all/pyth |go=affected,fedora-all/pyth
                   |on-django-debug-toolbar=aff |on-django-debug-toolbar=aff
                   |ected,fedora-all/python-dja |ected,fedora-all/python-dja
                   |ngo-typepadapp=affected,fed |ngo-typepadapp=affected,fed
                   |ora-all/python-django14=aff |ora-all/python-django14=aff
                   |ected,fedora-all/python-dja |ected,fedora-all/python-dja
                   |ngo15=affected,fedora-all/p |ngo15=affected,fedora-all/p
                   |ython-flask-debugtoolbar=af |ython-flask-debugtoolbar=af
                   |fected,fedora-all/python-pe |fected,fedora-all/python-pe
                   |bl=affected,fedora-all/pyth |bl=affected,fedora-all/pyth
                   |on-sphinx=affected,fedora-a |on-sphinx=affected,fedora-a
                   |ll/python-tw-jquery=affecte |ll/python-tw-jquery=affecte
                   |d,fedora-all/python-tw2-jqp |d,fedora-all/python-tw2-jqp
                   |lugins-flot=affected,fedora |lugins-flot=affected,fedora
                   |-all/python-tw2-jquery=affe |-all/python-tw2-jquery=affe
                   |cted,fedora-all/python-werk |cted,fedora-all/python-werk
                   |zeug=affected,fedora-all/py |zeug=affected,fedora-all/py
                   |thon-XStatic-jQuery=affecte |thon-XStatic-jQuery=affecte
                   |d,fedora-all/python-backlas |d,fedora-all/python-backlas
                   |h=affected,fedora-all/pytho |h=affected,fedora-all/pytho
                   |n-django=affected,fedora-al |n-django=affected,fedora-al
                   |l/python-sphinx=affected,fe |l/python-sphinx=affected,fe
                   |dora-all/python-werkzeug=af |dora-all/python-werkzeug=af
                   |fected,fedora-all/roundup=a |fected,fedora-all/roundup=a
                   |ffected,fedora-all/rubygem- |ffected,fedora-all/rubygem-
                   |jquery-rails=affected,fedor |jquery-rails=affected,fedor
                   |a-all/sagemath=affected,fed |a-all/sagemath=affected,fed
                   |ora-all/sparkleshare=affect |ora-all/sparkleshare=affect
                   |ed,fedora-all/spyder=affect |ed,fedora-all/spyder=affect
                   |ed,fedora-all/StarCluster=a |ed,fedora-all/StarCluster=a
                   |ffected,fedora-all/sticky-n |ffected,fedora-all/sticky-n
                   |otes=affected,fedora-all/su |otes=notaffected,fedora-all
                   |gar-help=affected,fedora-al |/sugar-help=affected,fedora
                   |l/varnish-agent=affected,fe |-all/varnish-agent=affected
                   |dora-all/webacula=affected, |,fedora-all/webacula=affect
                   |fedora-all/wesnoth=affected |ed,fedora-all/wesnoth=affec
                   |,fedora-all/why3=affected,f |ted,fedora-all/why3=affecte
                   |edora-all/wordpress=affecte |d,fedora-all/wordpress=affe
                   |d,fedora-all/yelp-xsl=affec |cted,fedora-all/yelp-xsl=af
                   |ted,fedora-all/zabbix=affec |fected,fedora-all/zabbix=af
                   |ted,epel-all/drupal7-jquery |fected,epel-all/drupal7-jqu
                   |_update=affected,epel-all/p |ery_update=affected,epel-al
                   |ython-tw-jquery=affected,ep |l/python-tw-jquery=affected
                   |el-all/python-tw2-jquery=af |,epel-all/python-tw2-jquery
                   |fected,epel-all/python-XSta |=affected,epel-all/python-X
                   |tic-jquery-ui=affected,open |Static-jquery-ui=affected,o
                   |shift-1/drupal6-jquery_ui-l |penshift-1/drupal6-jquery_u
                   |ib=new,openshift-1/ruby193- |i-lib=new,openshift-1/ruby1
                   |rubygem-jquery-rails=new,op |93-rubygem-jquery-rails=new
                   |enshift-enterprise-1/ruby19 |,openshift-enterprise-1/rub
                   |3-rubygem-jquery-rails=new, |y193-rubygem-jquery-rails=n
                   |openshift-enterprise-2/ruby |ew,openshift-enterprise-2/r
                   |193-rubygem-jquery-rails=ne |uby193-rubygem-jquery-rails
                   |w,rhscl-1.2/ror40-rubygem-j |=new,rhscl-1.2/ror40-rubyge
                   |query-rails=new,rhscl-1.2/r |m-jquery-rails=new,rhscl-1.
                   |uby193-rubygem-jquery-rails |2/ruby193-rubygem-jquery-ra
                   |=new,rhn_satellite_6/ruby19 |ils=new,rhn_satellite_6/rub
                   |3-rubygem-jquery-ui-rails=n |y193-rubygem-jquery-ui-rail
                   |ew,sam-1/ruby193-rubygem-jq |s=new,sam-1/ruby193-rubygem
                   |uery-rails=new,cfme-5/ruby1 |-jquery-rails=new,cfme-5/ru
                   |93-rubygem-jquery-rails=new |by193-rubygem-jquery-rails=
                   |,openstack-4/ruby193-rubyge |new,openstack-4/ruby193-rub
                   |m-jquery-rails=new,openstac |ygem-jquery-rails=new,opens
                   |k-foreman/ruby193-rubygem-j |tack-foreman/ruby193-rubyge
                   |query-ui-rails=new,rhel-6/i |m-jquery-ui-rails=new,rhel-
                   |pa=affected,rhel-6/python-s |6/ipa=affected,rhel-6/pytho
                   |phinx=new,rhel-7/ipa=affect |n-sphinx=new,rhel-7/ipa=aff
                   |ed,rhel-7/python-sphinx=new |ected,rhel-7/python-sphinx=
                   |,rhel-7/yelp-xsl=new        |new,rhel-7/yelp-xsl=new



--- Comment #10 from Vasyl Kaigorodov <vkaigoro at redhat.com> ---
(In reply to Orion Poplawski from comment #7)
> What version of jquery was this issue introduced in?  cobbler bundles jquery
> ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for
> me to search in the minimized js.

All versions of jQuery UI prior to 1.10.0 are affected.

(In reply to Athmane Madjoudj from comment #6)
> Does this affected only packages with bundled jquery ui, or jquery in
> general.
> 
> For example: sticky-notes has jquery (min) and jquery.cookie but not jquery
> ui (or code from it), does that make it vulnerable to this issue.

It affects packages which are using bundled jQuery UI version < 1.10.0.
If a package is not using jQuery UI, it's not affected.
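Comment #7 notes that the minified bundle makes it hard to tell which jQuery UI version a package ships, and comment #10 gives the rule: bundled jQuery UI below 1.10.0 is affected, and packages without jQuery UI are not. The script below is an added example (not from the bug report or from any of the packages listed) that applies that rule to a tree of JavaScript files. It assumes two version markers that jQuery UI releases commonly carry, a `/*! jQuery UI - v1.8.18 - ...` banner at the top of the file and a `version: "..."` property in the `$.ui` object; both patterns are assumptions, and the sample inputs are constructed.

```python
"""Scan JavaScript files for bundled jQuery UI and flag versions below 1.10.0."""
import re
from pathlib import Path
from typing import Optional

# First jQuery UI release not affected, per comment #10 of the bug.
FIXED_IN = (1, 10, 0)

# Assumed markers (not taken from the bug report):
#  - release banner at the top of jQuery UI files: "/*! jQuery UI - v1.8.18 - 2012-02-22"
#  - version property in the $.ui object, also in minified form with a renamed
#    jQuery alias, e.g. "a.extend(a.ui,{version:"1.8.18""
BANNER_RE = re.compile(r"jQuery UI\s*-\s*v?(\d+(?:\.\d+){1,2})\b")
UI_VERSION_RE = re.compile(r"\.ui\s*,\s*\{\s*version\s*:\s*[\"'](\d+(?:\.\d+){1,2})[\"']")


def parse_version(text: str) -> tuple:
    """Turn "1.8.18" into (1, 8, 18); pad "1.9" to (1, 9, 0) so tuples compare cleanly."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def find_jquery_ui_version(source: str) -> Optional[str]:
    """Return the jQuery UI version string found in a file's text, or None.

    Plain jQuery core banners ("/*! jQuery v1.7.2 ...") do not match either
    pattern, so files that bundle only jQuery are reported as not bundling UI.
    """
    for pattern in (BANNER_RE, UI_VERSION_RE):
        match = pattern.search(source)
        if match:
            return match.group(1)
    return None


def is_vulnerable(version: str) -> bool:
    """Affected iff the bundled version is strictly below 1.10.0."""
    return parse_version(version) < FIXED_IN


def scan_sources(sources: dict) -> list:
    """Return (name, version, vulnerable) for every source that bundles jQuery UI."""
    findings = []
    for name, text in sources.items():
        version = find_jquery_ui_version(text)
        if version is not None:
            findings.append((name, version, is_vulnerable(version)))
    return findings


def scan_tree(root: str) -> list:
    """Read every *.js under root and run scan_sources over it (unreadable files are skipped)."""
    sources = {}
    for path in Path(root).rglob("*.js"):
        try:
            sources[str(path)] = path.read_text(errors="replace")
        except OSError:
            continue
    return scan_sources(sources)


# Constructed sample inputs imitating the headers a package might bundle.
SAMPLES = {
    "cobbler/jquery-ui.min.js": "/*! jQuery UI - v1.8.18 - 2012-02-22\n* http://jqueryui.com\n*/(function(a,b){",
    "django/jquery-ui.js": "$.extend( $.ui, {\n\tversion: \"1.9.2\",\n\tkeyCode: {}\n});",
    "sticky-notes/jquery.min.js": "/*! jQuery v1.7.2 jquery.com | jquery.org/license */",
    "current/jquery-ui.min.js": "/*! jQuery UI - v1.10.4 - 2014-01-17\n* http://jqueryui.com\n*/",
}

if __name__ == "__main__":
    for name, version, vulnerable in scan_sources(SAMPLES):
        status = "AFFECTED (< 1.10.0)" if vulnerable else "not affected"
        print(f"{name}: jQuery UI {version} -> {status}")
```

Run `scan_tree("/path/to/unpacked/package")` against an unpacked source tree to get the same report for real files. Only files matching one of the two markers are listed, so a hit means the package bundles jQuery UI and needs the version checked; a miss on a file that does bundle it (e.g. a rebundled build that stripped the banner) is possible, so an absent finding is not proof of absence. Whatever the version, the dialog title should be treated as untrusted text on the application side rather than as HTML.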




More information about the perl-devel mailing list