{"id":"CVE-2016-7103","details":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.","aliases":["GHSA-hpcf-8vf9-q4gj"],"modified":"2026-06-30T04:00:25.562047249Z","published":"2017-03-15T16:59:00.173Z","related":["SUSE-SU-2017:2351-1","openSUSE-SU-2024:11214-1","openSUSE-SU-2024:14131-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","vendor_product":"oracle:application_express","cpes":["cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"19.1"}]},{"source":"CPE_RANGE","vendor_product":"oracle:oss_support_tools","cpes":["cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"2.12.42"}]},{"cpes":["cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"16.0"},{"last_affected":"16.2"},{"introduced":"17.0"},{"last_affected":"17.12.4"},{"introduced":"18.0"},{"last_affected":"18.8.4"}],"source":"CPE_RANGE","vendor_product":"oracle:primavera_unifier"},{"source":"CPE_RANGE","vendor_product":"oracle:siebel_ui_framework","cpes":["cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"21.2"}]},{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_STRING"},{"vendor_product":"fedoraproject:fedora","cpes":["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"30"},{"last_affected":"35"},{"last_affected":"36"}],"source":"CPE_STRING"},{"cpes":["cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"21.2-NA"}],"source":"CPE_STRING","vendor_product":"juniper:junos"},{"source":"CPE_STRING","vendor_product":"oracle:business_intelligence","cpes":["cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"],"extracted_events":[{"last_affected":"12.2.1.3.0"},{"last_affected":"12.2.1.4.0"}]},{"source":"CPE_STRING","vendor_product":"oracle:hospitality_cruise_fleet_management","cpes":["cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0.11"}]},{"source":"CPE_STRING","vendor_product":"oracle:oss_support_tools","cpes":["cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"2.12.42"}]},{"vendor_product":"oracle:weblogic_server","cpes":["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.3.6.0.0"},{"last_affected":"12.1.3.0.0"},{"last_affected":"12.2.1.3.0"}],"source":"CPE_STRING"},{"source":"CPE_STRING","vendor_product":"redhat:openstack","cpes":["cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"},{"last_affected":"8"},{"last_affected":"9"}]}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2932.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2933.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0161.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104823"},{"type":"ADVISORY","url":"https://jqueryui.com/changelog/1.12.0/"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"},{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/127"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0007/"},{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2022-002"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2016-19"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"FIX","url":"https://github.com/jquery/api.jqueryui.com/issues/281"},{"type":"FIX","url":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jquery/api.jqueryui.com","events":[{"introduced":"0796bdec0246fdf212cbd35dd58562a4c47dc2b1"},{"last_affected":"ee78f51c8020cbb74f72abd9cae378c935b2b827"}],"database_specific":{"cpe":"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.10.0"},{"last_affected":"1.11.4"}],"source":"CPE_RANGE"}}],"versions":["v1.11.4","v1.11.3","v1.11.2","v1.11.1","v1.11.0","v1.10.22","v1.10.21","v1.10.20","v1.10.19","v1.10.18","v1.10.17","v1.10.16","v1.10.15","v1.10.14","v1.10.13","v1.10.12","v1.10.11","v1.10.10","v1.10.9","v1.10.8","v1.10.7","v1.10.6","v1.10.5","v1.10.4","v1.10.3-7","v1.10.3-6","v1.10.3-5","v1.10.3-4","v1.10.3-3","v1.10.3-2","v1.10.3-1","v1.10.3","v1.10.2-6","v1.10.2-5","v1.10.2-4","v1.10.2-3","v1.10.2-2","v1.10.2-1","v1.10.2","v1.10.1-2","v1.10.1-1","v1.10.1","v1.10.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7103.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/jquery/jquery-ui","events":[{"introduced":"0"},{"fixed":"9644e7bae9116edaf8d37c5b38cb32b892f10ff6"}],"database_specific":{"source":"REFERENCES"}}],"versions":["1.9.0-beta.1","1.9.0m8","1.9m6","1.8.6","1.8.5","1.8.4","1.8.3","1.8.2","1.8.1","1.8","1.8rc3","1.8rc2","1.8rc1","1.8b1","1.8a2","1.8a1","1.7","1.6","1.6rc6","1.6rc5","1.6rc3","1.6rc2","1.5.2","1.5.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7103.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}