6.5
CVE-2021-41184
- EPSS 22.09%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:25:42
- Quelle security-advisories@github.com
- Teams Watchlist Login
- Unerledigt Login
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H410c Firmware Version-
Tenable ≫ Tenable.Sc Version < 5.21.0
Oracle ≫ Application Express Version < 22.1.1
Oracle ≫ Banking Platform Version2.9.0
Oracle ≫ Banking Platform Version2.12.0
Oracle ≫ Big Data Spatial And Graph Version < 23.1
Oracle ≫ Big Data Spatial And Graph Version23.1
Oracle ≫ Communications Interactive Session Recorder Version6.4
Oracle ≫ Communications Operations Monitor Version4.3
Oracle ≫ Communications Operations Monitor Version4.4
Oracle ≫ Communications Operations Monitor Version5.0
Oracle ≫ Hospitality Inventory Management Version9.1.0
Oracle ≫ Hospitality Materials Control Version18.1
Oracle ≫ Hospitality Suite8 Version >= 8.11.0 <= 8.14.0
Oracle ≫ Hospitality Suite8 Version8.10.2
Oracle ≫ Jd Edwards Enterpriseone Tools Version <= 9.2.6.3
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59
Oracle ≫ Policy Automation Version >= 12.2.0 <= 12.2.25
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Primavera Unifier Version20.12
Oracle ≫ Primavera Unifier Version21.12
Oracle ≫ Rest Data Services SwEdition- Version < 22.1.1
Oracle ≫ Rest Data Services Version22.1.1 SwEdition-
Oracle ≫ Weblogic Server Version12.2.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.4.0
Oracle ≫ Weblogic Server Version14.1.1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 22.09% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.