IronMonkey Threat Research

CVE-2016-7103 MEDIUM

Published: 2017-03-15 | Last Modified: 2026-06-17 | Status: Modified

Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Additional Descriptions (1)

An XSS vulnerability in jQuery UI versions before 1.12.0 could allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVSS Metrics

Base Score: 6.1 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 2.7

Base Score: 4.3 (MEDIUM)

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 2.9

Weaknesses

Source: [email protected]

Type: Primary

Description: CWE-79 (en)

Affected Products

Vendor Product Version Type
jqueryui jquery_ui * Application
oracle application_express * Application
oracle business_intelligence 12.2.1.3.0 Application
oracle business_intelligence 12.2.1.4.0 Application
oracle hospitality_cruise_fleet_management 9.0.11 Application
oracle oss_support_tools * Application
oracle oss_support_tools 2.12.42 Application
oracle primavera_unifier * Application
oracle primavera_unifier * Application
oracle primavera_unifier * Application
oracle siebel_ui_framework * Application
oracle weblogic_server 10.3.6.0.0 Application
oracle weblogic_server 12.1.3.0.0 Application
oracle weblogic_server 12.2.1.3.0 Application
fedoraproject fedora 30 Operating System
fedoraproject fedora 35 Operating System
fedoraproject fedora 36 Operating System
netapp snapcenter - Application
redhat openstack 7.0 Application
redhat openstack 8 Application
redhat openstack 9 Application
juniper junos 21.2 Operating System
debian debian_linux 9.0 Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
Yes cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
Yes cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References
