{"id":"USN-6419-1","summary":"jqueryui vulnerabilities","details":"Hong Phat Ly discovered that jQuery UI did not properly manage parameters\nfrom untrusted sources, which could lead to arbitrary web script or HTML\ncode injection. A remote attacker could possibly use this issue to perform\na cross-site scripting (XSS) attack. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7103)\n\nEsben Sparre Andreasen discovered that jQuery UI did not properly handle\nvalues from untrusted sources in the Datepicker widget. A remote attacker\ncould possibly use this issue to perform a cross-site scripting (XSS)\nattack and execute arbitrary code. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.\n(CVE-2021-41182, CVE-2021-41183)\n\nIt was discovered that jQuery UI did not properly validate values from\nuntrusted sources. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 20.04 LTS. (CVE-2021-41184)\n\nIt was discovered that the jQuery UI checkboxradio widget did not properly\ndecode certain values from HTML entities. An attacker could possibly use\nthis issue to perform a cross-site scripting (XSS) attack and cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 20.04 LTS. (CVE-2022-31160)\n","modified":"2026-02-10T04:43:22Z","published":"2023-10-05T12:36:27Z","related":["UBUNTU-CVE-2016-7103","UBUNTU-CVE-2021-41182","UBUNTU-CVE-2021-41183","UBUNTU-CVE-2021-41184","UBUNTU-CVE-2022-31160"],"upstream":["CVE-2016-7103","CVE-2021-41182","CVE-2021-41183","CVE-2021-41184","CVE-2022-31160","UBUNTU-CVE-2016-7103","UBUNTU-CVE-2021-41182","UBUNTU-CVE-2021-41183","UBUNTU-CVE-2021-41184","UBUNTU-CVE-2022-31160"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6419-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7103"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41182"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41183"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-41184"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-31160"}],"affected":[{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.10.1+dfsg-1ubuntu0.14.04.1~esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.1+dfsg-1ubuntu0.14.04.1~esm1"}]}],"versions":["1.10.1+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.10.1+dfsg-1ubuntu0.14.04.1~esm1"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.10.1+dfsg-1ubuntu0.14.04.1~esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-7103"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41182"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41183"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6419-1.json"}},{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.10.1+dfsg-1ubuntu0.16.04.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.1+dfsg-1ubuntu0.16.04.1~esm1"}]}],"versions":["1.10.1+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.10.1+dfsg-1ubuntu0.16.04.1~esm1"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.10.1+dfsg-1ubuntu0.16.04.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-7103"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41182"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41183"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6419-1.json"}},{"package":{"name":"jqueryui","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.12.1+dfsg-5ubuntu0.18.04.1~esm3?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1+dfsg-5ubuntu0.18.04.1~esm3"}]}],"versions":["1.12.1+dfsg-5","1.12.1+dfsg-5ubuntu0.18.04.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm3"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm3"},{"binary_name":"node-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.18.04.1~esm3"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41182"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41183"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6419-1.json"}},{"package":{"name":"jqueryui","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/jqueryui@1.12.1+dfsg-5ubuntu0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1+dfsg-5ubuntu0.20.04.1"}]}],"versions":["1.12.1+dfsg-5"],"ecosystem_specific":{"binaries":[{"binary_name":"libjs-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1"},{"binary_name":"libjs-jquery-ui-docs","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1"},{"binary_name":"node-jquery-ui","binary_version":"1.12.1+dfsg-5ubuntu0.20.04.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41182"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41183"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-41184"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-31160"}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6419-1.json"}}],"schema_version":"1.7.3"}