CVE-2016-7103

Published on: 03/15/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

  • CVE-2016-7103 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.1 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVE References

  • Dialog: Escape closeText option before passing it to button · jquery/[email protected] · GitHub
    Tags: Patch, Third Party Advisory
    Source: github.com
    Link: CONFIRM github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
  • Pony Mail!
    Tags: Mailing List, Third Party Advisory
    Source: lists.apache.org
    Link: MLIST [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • CPU July 2018
    Tags: Third Party Advisory
    Source: www.oracle.com
    Link: CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  • [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable Network Security
    Tags: Third Party Advisory
    Source: www.tenable.com
    Link: CONFIRM www.tenable.com/security/tns-2016-19
  • Pony Mail!
    Tags: Mailing List, Third Party Advisory
    Source: lists.apache.org
    Link: MLIST [roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js
  • Node Security Platform | Advisory
    Tags: Third Party Advisory
    Source: nodesecurity.io
    Link: MISC nodesecurity.io/advisories/127
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Source: web.archive.org (inactive link, not archived)
    Link: REDHAT RHSA-2016:2933
  • [SECURITY] Fedora 30 Update: rubygem-jquery-ui-rails-6.0.1-1.fc30 - package-announce - Fedora Mailing-Lists
    Tags: Third Party Advisory
    Source: lists.fedoraproject.org
    Link: FEDORA FEDORA-2019-a96124345a
  • Pony Mail!
    Tags: Mailing List, Third Party Advisory
    Source: lists.apache.org
    Link: MLIST [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
  • XSS Vulnerability on closeText option of Dialog jQuery UI · Issue #281 · jquery/api.jqueryui.com · GitHub
    Tags: Exploit, Patch, Third Party Advisory
    Source: github.com
    Link: CONFIRM github.com/jquery/api.jqueryui.com/issues/281
  • Oracle Critical Patch Update - July 2019
    Tags: Third Party Advisory
    Source: www.oracle.com
    Link: MISC www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  • Red Hat Customer Portal
    Tags: Third Party Advisory
    Source: web.archive.org (inactive link, not archived)
    Link: REDHAT RHSA-2016:2932
  • Red Hat Customer Portal
    Tags: Third Party Advisory, VDB Entry
    Source: web.archive.org (inactive link, not archived)
    Link: REDHAT RHSA-2017:0161
  • jQuery UI 1.12.0 Changelog | jQuery UI
    Tags: Release Notes, Vendor Advisory
    Source: jqueryui.com
    Link: CONFIRM jqueryui.com/changelog/1.12.0/
  • Oracle Primavera Unifier Multiple Security Vulnerabilities
    Tags: Third Party Advisory, VDB Entry
    Source: cve.report (archive)
    Link: BID 104823
  • Oracle Critical Patch Update - October 2019
    Tags: Third Party Advisory
    Source: www.oracle.com
    Link: MISC www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  • Pony Mail!
    Tags: Mailing List, Third Party Advisory
    Source: lists.apache.org
    Link: MLIST [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • Oracle Critical Patch Update Advisory - April 2020
    Tags: Third Party Advisory
    Source: www.oracle.com
    Link: N/A
  • September 2018 jQuery Vulnerabilities in NetApp Products | NetApp Product Security
    Tags: Third Party Advisory
    Source: security.netapp.com
    Link: CONFIRM security.netapp.com/advisory/ntap-20190416-0007/
  • Pony Mail!
    Tags: Mailing List, Third Party Advisory
    Source: lists.apache.org
    Link: MLIST [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • Oracle Critical Patch Update Advisory - April 2019
    Tags: Third Party Advisory
    Source: www.oracle.com
    Link: MISC www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Fedoraproject | Fedora | 30 | All | All | All
Application | Jquery | Jquery Ui | 1.10.0 | beta1 | All | All
Application | Jquery | Jquery Ui | 1.10.0 | rc1 | All | All
Application | Jquery | Jquery Ui | All | All | All | All
Application | Netapp | Snapcenter | - | All | All | All
Application | Oracle | Application Express | All | All | All | All
Application | Oracle | Business Intelligence | 12.2.1.3.0 | All | All | All
Application | Oracle | Business Intelligence | 12.2.1.4.0 | All | All | All
Application | Oracle | Hospitality Cruise Fleet Management | 9.0.11 | All | All | All
Application | Oracle | Primavera Unifier | All | All | All | All
Application | Oracle | Weblogic Server | 10.3.6.0.0 | All | All | All
Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All
Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All
Application | Redhat | Openstack | 7.0 | All | All | All
Application | Redhat | Openstack | 8.0 | All | All | All
Application | Redhat | Openstack | 9.0 | All | All | All
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*:
  • cpe:2.3:a:jquery:jquery_ui:1.10.0:beta1:*:*:*:*:*:*:
  • cpe:2.3:a:jquery:jquery_ui:1.10.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*:
  • cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*:
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*: