Vulnerability Database

CVE-2021-41184

jQuery UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the "of" option of the .position() utility from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0, where any string value passed to the "of" option is now treated as a CSS selector. A workaround is to not accept the value of the "of" option from untrusted sources.

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

| Software | From | Fixed in |
|---|---|---|
| fedoraproject / fedora | 33 | 33.x |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| fedoraproject / fedora | 36 | 36.x |
| drupal / drupal | 9.3.0 | 9.3.3 |
| drupal / drupal | 9.2.0 | 9.2.11 |
| drupal / drupal | 7.0 | 7.86 |
| tenable / tenable.sc | - | 5.21.0 |
| oracle / hospitality_suite8 | 8.10.2 | 8.10.2.x |
| oracle / weblogic_server | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / primavera_unifier | 18.8 | 18.8.x |
| oracle / primavera_unifier | 17.7 | 17.12.x |
| oracle / hospitality_materials_control | 18.1 | 18.1.x |
| oracle / agile_plm | 9.3.6 | 9.3.6.x |
| oracle / weblogic_server | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.58 | 8.58.x |
| oracle / primavera_unifier | 19.12 | 19.12.x |
| oracle / weblogic_server | 14.1.1.0.0 | 14.1.1.0.0.x |
| oracle / banking_platform | 2.9.0 | 2.9.0.x |
| oracle / primavera_unifier | 20.12 | 20.12.x |
| oracle / hospitality_inventory_management | 9.1.0 | 9.1.0.x |
| oracle / communications_interactive_session_recorder | 6.4 | 6.4.x |
| oracle / peoplesoft_enterprise_peopletools | 8.59 | 8.59.x |
| oracle / communications_operations_monitor | 4.3 | 4.3.x |
| oracle / banking_platform | 2.12.0 | 2.12.0.x |
| oracle / communications_operations_monitor | 4.4 | 4.4.x |
| oracle / communications_operations_monitor | 5.0 | 5.0.x |
| oracle / primavera_unifier | 21.12 | 21.12.x |
| oracle / big_data_spatial_and_graph | 23.1 | 23.1.x |
| oracle / big_data_spatial_and_graph | - | 23.1 |
| oracle / hospitality_suite8 | 8.11.0 | 8.14.0.x |
| oracle / jd_edwards_enterpriseone_tools | - | 9.2.6.3.x |
| oracle / rest_data_services | - | 22.1.1 |
| oracle / application_express | - | 22.1.1 |
| oracle / rest_data_services | 22.1.1 | 22.1.1.x |
| oracle / policy_automation | 12.2.0 | 12.2.25.x |
| jquery-ui | - | 1.13.0 |
| jqueryui / jquery_ui | - | 1.13.0 |