CVE-2012-6662

Published: Nov 24, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Affected (5)

Products: Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation · Jqueryui: Jquery Ui

4 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jqueryui Jquery Ui	Version 1.10.0 rc1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (22)

http://bugs.jqueryui.com/ticket/8859

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://bugs.jqueryui.com/ticket/8861

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0442.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1462.html

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q4/613

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/oss-sec/2014/q4/616

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/71107

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/98697

Source: cve@mitre.org

https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/jquery/jquery/issues/2432

Source: cve@mitre.org

http://bugs.jqueryui.com/ticket/8859

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://bugs.jqueryui.com/ticket/8861

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0442.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1462.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/oss-sec/2014/q4/613

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/oss-sec/2014/q4/616

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/71107

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/98697

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/jquery/jquery/issues/2432

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.