CVE-2010-5312

Description

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

How to fix CVE-2010-5312

To remediate CVE-2010-5312, upgrade the affected package to a fixed version below.

• Debian/drupal7—upgrade to 7.52-2+deb9u17 or later
• —upgrade to 1.10.1+dfsg-1 or later
• —upgrade to 1.8.dfsg-3+deb6u1 or later
• —upgrade to 1.8.ooops.21+dfsg-2+deb7u1 or later
• —upgrade to 1.10.0 or later
• —upgrade to 1.10.0 or later
• —upgrade to 1.10.0 or later
• —upgrade to 4.0.0 or later

Is CVE-2010-5312 being exploited?

Moderate — EPSS is 5.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (8)

• from 0, < 7.52-2+deb9u17
• from 0, < 1.10.1+dfsg-1
• from 0, < 1.8.dfsg-3+deb6u1
• from 0, < 1.8.ooops.21+dfsg-2+deb7u1
• >= 1.7.0, < 1.10.0
• >= 1.7.0, < 1.10.0
• >= 1.7.0, < 1.10.0
• from 0, < 4.0.0

CVSS scores

References (28)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-5312
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-5312
• PATCHgithub.com/jquery/jquery-ui
• WEBbugs.jqueryui.com/ticket/6016
• WEBrhn.redhat.com