CVE-2021-41182

Exploit

EPSS 22.27%
Veröffentlicht 26.10.2021 15:15:10
Zuletzt bearbeitet 21.11.2024 06:25:41
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jqueryui ≫ Jquery Ui SwPlatformjquery Version < 1.13.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Debian ≫ Debian Linux Version9.0

Drupal ≫ Drupal Version >= 7.0 < 7.86

Oracle ≫ Communications Interactive Session Recorder Version6.4

Oracle ≫ Communications Operations Monitor Version4.3

Oracle ≫ Communications Operations Monitor Version4.4

Oracle ≫ Communications Operations Monitor Version5.0

Oracle ≫ Hospitality Suite8 Version >= 8.11.0 <= 8.14.0

Oracle ≫ Hospitality Suite8 Version8.10.2

Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.29

Oracle ≫ Primavera Unifier Version17.7

Oracle ≫ Primavera Unifier Version17.8

Oracle ≫ Primavera Unifier Version17.9

Oracle ≫ Primavera Unifier Version17.10

Oracle ≫ Primavera Unifier Version17.11

Oracle ≫ Primavera Unifier Version17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

Tenable ≫ Tenable.Sc Version < 5.21.0

Oracle ≫ Agile Plm Version9.3.6

Oracle ≫ Application Express Version < 22.1.1

Oracle ≫ Banking Platform Version2.9.0

Oracle ≫ Banking Platform Version2.12.0

Oracle ≫ Big Data Spatial And Graph Version < 23.1

Oracle ≫ Big Data Spatial And Graph Version23.1

Oracle ≫ Communications Interactive Session Recorder Version6.4

Oracle ≫ Communications Operations Monitor Version4.3

Oracle ≫ Communications Operations Monitor Version4.4

Oracle ≫ Communications Operations Monitor Version5.0

Oracle ≫ Hospitality Inventory Management Version9.1.0

Oracle ≫ Hospitality Materials Control Version18.1

Oracle ≫ Hospitality Suite8 Version >= 8.11.0 <= 8.14.0

Oracle ≫ Hospitality Suite8 Version8.10.2

Oracle ≫ Jd Edwards Enterpriseone Tools Version <= 9.2.6.3

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Oracle ≫ Policy Automation Version >= 12.2.0 <= 12.2.25

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Oracle ≫ Rest Data Services SwEdition- Version < 22.1.1

Oracle ≫ Rest Data Services Version22.1.1 SwEdition-

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.27%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/

Third Party Advisory

Mailing List