Bug 1360286 (CVE-2016-7103)
| Summary: | CVE-2016-7103 jquery-ui: cross-site scripting in dialog closeText | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | aboyko, ahenning, alazarot, anstephe, apevec, ayoung, bkearney, cbillett, chrisw, cvsbot-xmlrpc, emingora, etirelli, gmollett, ibek, jjoyce, jmatthew, jrokos, jschluet, jstastny, kbasil, krathod, kverlaen, lhh, lpeer, markmc, mburns, meissner, mmccune, mnovotny, mrunge, ohadlevy, pjindal, pskopek, pvalena, rbryant, rdopiera, rguimara, rhos-maint, rrajasek, satellite6-bugs, sclewis, sguilhen, srevivo, strzibny, tdecacqu, thomas, tkasparek, tlestach, tsanders, tzimanyi |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | jquery-ui 1.12.0 | Doc Type: | Bug Fix |
| Doc Text: |
It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:56:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1360289, 1360290, 1360291, 1371008, 1371010, 1371011, 1371012, 1371013, 1371014, 1371015, 1371016, 1438799, 1438800 | ||
| Bug Blocks: | 1360295, 2014197 | ||
|
Description
Martin Prpič
2016-07-26 12:00:52 UTC
Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: fedora-all [bug 1360289] Affects: epel-7 [bug 1360291] Created rubygem-jquery-ui-rails tracking bugs for this issue: Affects: fedora-all [bug 1360290] I have downgraded the impact to low as its unlikely that a user controlled variable would be passed to the dialog box close field This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2016:2933 https://rhn.redhat.com/errata/RHSA-2016-2933.html This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2016:2932 https://rhn.redhat.com/errata/RHSA-2016-2932.html This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2017:0161 https://rhn.redhat.com/errata/RHSA-2017-0161.html Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: openstack-rdo [bug 1438800] Created rubygem-jquery-ui-rails tracking bugs for this issue: Affects: openstack-rdo [bug 1438799] > can we get a tracker for RDO as it is impacted and was missed when this was created.
Hi Jon,
I've added tracking bugs for both the affected python and ruby libraries in RDO
Statement: Red Hat Enterprise Satellite 5 is now in phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite. |