6.5
CVE-2021-41183
- EPSS 2.34%
- Published 26.10.2021 15:15:10
- Last modified 21.11.2024 06:25:42
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H410c Firmware Version-
Debian ≫ Debian Linux Version9.0
Oracle ≫ Application Express Version < 22.1.1
Oracle ≫ Banking Platform Version2.9.0
Oracle ≫ Banking Platform Version2.12.0
Oracle ≫ Big Data Spatial And Graph Version < 23.1
Oracle ≫ Big Data Spatial And Graph Version23.1
Oracle ≫ Communications Interactive Session Recorder Version6.4
Oracle ≫ Communications Operations Monitor Version4.3
Oracle ≫ Communications Operations Monitor Version4.4
Oracle ≫ Communications Operations Monitor Version5.0
Oracle ≫ Hospitality Inventory Management Version9.1.0
Oracle ≫ Hospitality Suite8 Version >= 8.11.0 <= 11.14.0
Oracle ≫ Hospitality Suite8 Version8.10.2
Oracle ≫ Jd Edwards Enterpriseone Tools Version <= 9.2.6.3
Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.29
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59
Oracle ≫ Policy Automation Version >= 12.2.0 <= 12.2.5
Oracle ≫ Primavera Gateway Version >= 17.7 <= 17.12
Oracle ≫ Primavera Gateway Version18.8.0
Oracle ≫ Primavera Gateway Version19.12.0
Oracle ≫ Primavera Gateway Version20.12.0
Oracle ≫ Primavera Gateway Version21.12.0
Oracle ≫ Rest Data Services SwEdition- Version < 22.1.1
Oracle ≫ Rest Data Services Version22.1.1 SwEdition-
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Oracle ≫ Weblogic Server Version14.1.1.0.0
Tenable ≫ Tenable.Sc Version < 5.21.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.34% | 0.843 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.