Possible vulnerability in jQuery-UI
Harri Leivo
v1/ext/CogBox/js/libs/jquery-ui/jquery-ui.min.js?v=433002369
Vulnerability info:
* Medium: XSS in the `altField` option of the Datepicker widget CVE-2021-41182 GHSA-9gj3-hwp5-pmwc
* Medium: XSS in the `of` option of the `.position()` util CVE-2021-41184 GHSA-gpqq-952q-5327
* Medium: XSS Vulnerability on text options of datepicker CVE-2021-41183 15284 GHSA-j7qv-pgf6-hvh4
* Medium: XSS when refreshing a checkboxradio with an HTML-like initial text label CVE-2022-31160 2101 GHSA-h6gj-6jjq-h8g9
Paul Mendelson
Thanks for this. I've been slowly phasing out jQuery from my controls, but I guess now is the time to get rid of it completely.
Harri Leivo
Thank you for your quick response. The customer's security team discovered the vulnerabilities while performing a pen test on the Cognos environment.