Bugzilla – Bug 996004
VUL-1: CVE-2016-7103: python-XStatic-jquery-ui: cross-site scripting in dialog closeText
Last modified: 2019-10-02 14:47:00 UTC
rh#1360286
It was found that jQuery-UI, a library for manipulating UI elements via jQuery, has a cross site scripting (XSS) vulnerability in the closeText parameter of the dialog function. If an application passes user input to this parameter, it may be vulnerable to XSS.
Upstream patch: https://github.com/jquery/jquery-ui/pull/1622
External References: https://nodesecurity.io/advisories/127
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1360286
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103
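Whether an application is exposed depends on the condition in the report: user input reaching `closeText`. The following added example (not code from jQuery UI or from this bug report) is a line-based audit heuristic that flags `closeText` values that are not constant strings; the function name `findDynamicCloseText` and the sample source are constructed for illustration.

```javascript
// Added example: a line-based triage heuristic, not a JavaScript parser.
// Group 1 = quoted string literal, group 2 = any other expression.
const CLOSE_TEXT =
  /\bcloseText\b["']?\s*[:,]\s*(?:("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')|([^\n,})]+))/g;

// Returns the lines where closeText is set from something other than a
// constant string: a variable, a call, a template, or a concatenation.
function findDynamicCloseText(source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(CLOSE_TEXT)) {
      const rest = line.slice(m.index + m[0].length);
      const isLiteral = m[1] !== undefined;
      const isConcatenated = /^\s*\+/.test(rest); // "Close " + name
      if (!isLiteral || isConcatenated) {
        findings.push({ line: i + 1, code: line.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from any real application).
const SAMPLE_SOURCE = [
  '$("#a").dialog({ closeText: "Close" });',
  '$("#b").dialog({ closeText: params.get("label") });',
  '$("#c").dialog({ closeText: "Close " + userName });',
  '$("#d").dialog("option", "closeText", label);',
  "$('#e').dialog({ title: t, closeText: 'Dismiss, please' });",
].join("\n");

for (const f of findDynamicCloseText(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: review closeText source -> ${f.code}`);
}
```

A flagged line is only a candidate: the value still has to be traced back to see whether it can carry user input.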
bugbot adjusting priority
Dirk, upstream is at 1.12.0.1. https://pypi.python.org/pypi/XStatic-jquery-ui This package is not in Factory. Please bring this into Factory as per our policy!
Fix: https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
Passing attacker-controlled content to the closeText is unlikely. VUL-1.
SUSE-SU-2017:2351-1: An update that fixes one vulnerability is now available.
Category: security (low)
Bug References: 996004
CVE References: CVE-2016-7103
Sources used:
SUSE OpenStack Cloud 7 (src): python-XStatic-jquery-ui-1.11.0.1-2.3.1
done