CVE-2021-41184
Description
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
22.087
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (10.4.0) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.4.0) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Nessus 6.0.1 | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.4.0 | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0 | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 6.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.0 | Windows |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in WebJars - jquery-ui 1.13.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.1 | Windows |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in Ruby-jquery-ui-rails 7.0.0 | Windows |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in Nuget - jQuery.UI.Combined 1.13.0 | Windows |
| JavaScript UI library for dynamic web applications (USN-6419-1) node-jquery-ui_1.12.1+dfsg-5ubuntu0.20.04.1_all.deb | Linux |
| JavaScript UI library for dynamic web applications (USN-6419-1) node-jquery-ui_1.12.1+dfsg-5_all.deb | Linux |
| JavaScript UI library for dynamic web applications (USN-6419-1) libjs-jquery-ui_1.12.1+dfsg-5ubuntu0.20.04.1_all.deb | Linux |
| JavaScript UI library for dynamic web applications (USN-6419-1) libjs-jquery-ui_1.10.1+dfsg-1_all.deb | Linux |
| JavaScript UI library for dynamic web applications (USN-6419-1) libjs-jquery-ui_1.12.1+dfsg-5_all.deb | Linux |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in WebJars - jquery-ui for Linux 1.13.0 | Linux |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in Ruby-jquery-ui-rails for Linux 7.0.0 | Linux |
| Vulnerabilities CVE-2021-41183,CVE-2021-41184,CVE-2021-41182 are fixed in Nuget - jQuery.UI.Combined for Linux 1.13.0 | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234