{"id":"CVE-2016-7103","details":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.","aliases":["GHSA-hpcf-8vf9-q4gj"],"modified":"2026-03-20T11:14:36.127553Z","published":"2017-03-15T16:59:00.173Z","related":["SUSE-SU-2017:2351-1","openSUSE-SU-2024:11214-1","openSUSE-SU-2024:14131-1"],"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0007/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2932.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2933.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0161.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"},{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2022-002"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2016-19"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104823"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"},{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/127"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://jqueryui.com/changelog/1.12.0/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"FIX","url":"https://github.com/jquery/api.jqueryui.com/issues/281"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"FIX","url":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jquery/api.jqueryui.com","events":[{"introduced":"0796bdec0246fdf212cbd35dd58562a4c47dc2b1"},{"last_affected":"ee78f51c8020cbb74f72abd9cae378c935b2b827"}],"database_specific":{"versions":[{"introduced":"1.10.0"},{"last_affected":"1.11.4"}]}},{"type":"GIT","repo":"https://github.com/jquery/jquery-ui","events":[{"introduced":"0"},{"fixed":"9644e7bae9116edaf8d37c5b38cb32b892f10ff6"}]}],"versions":["1.5.1","1.5.2","1.6","1.6rc2","1.6rc3","1.6rc5","1.6rc6","1.7","1.8","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8a1","1.8a2","1.8b1","1.8rc1","1.8rc2","1.8rc3","1.9.0-beta.1","1.9.0m8","1.9m4","1.9m5","1.9m6","1.9m7","v1.10.0","v1.10.1","v1.10.1-1","v1.10.1-2","v1.10.10","v1.10.11","v1.10.12","v1.10.13","v1.10.14","v1.10.15","v1.10.16","v1.10.17","v1.10.18","v1.10.19","v1.10.2","v1.10.2-1","v1.10.2-2","v1.10.2-3","v1.10.2-4","v1.10.2-5","v1.10.2-6","v1.10.20","v1.10.21","v1.10.22","v1.10.3","v1.10.3-1","v1.10.3-2","v1.10.3-3","v1.10.3-4","v1.10.3-5","v1.10.3-6","v1.10.3-7","v1.10.4","v1.10.5","v1.10.6","v1.10.7","v1.10.8","v1.10.9","v1.11.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"19.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.11"}]},{"events":[{"introduced":"0"},{"fixed":"2.12.42"}]},{"events":[{"introduced":"0"},{"last_affected":"2.12.42"}]},{"events":[{"introduced":"16.0"},{"last_affected":"16.2"}]},{"events":[{"introduced":"17.0"},{"last_affected":"17.12.4"}]},{"events":[{"introduced":"18.0"},{"last_affected":"18.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2"}]},{"events":[{"introduced":"0"},{"last_affected":"10.3.6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.3.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"9"}]},{"events":[{"introduced":"0"},{"last_affected":"21.2-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7103.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}