CVE-2010-5312 (Medium) detected in jquery.ui.combined.1.8.24.nupkg, jquery.ui.combined.1.8.24.nupkg

[mend-bolt-for-github[bot]]

CVE-2010-5312 - Medium Severity Vulnerability

Vulnerable Libraries - jquery.ui.combined.1.8.24.nupkg, jquery.ui.combined.1.8.24.nupkg

jquery.ui.combined.1.8.24.nupkg

The full jQuery UI library as a single combined file. Includes the base theme.

Library home page: https://api.nuget.org/packages/jquery.ui.combined.1.8.24.nupkg

Path to dependency file: /tmp/ws-scm/Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/ExportDemo2/packages.config

Path to vulnerable library: /Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/ExportDemo2/packages.config

Dependency Hierarchy:

• :x: jquery.ui.combined.1.8.24.nupkg (Vulnerable Library)

jquery.ui.combined.1.8.24.nupkg

jQuery UI is an open source library of interface components — interactions, full-featured widgets, a...

Library home page: https://api.nuget.org/packages/jquery.ui.combined.1.8.24.nupkg

Path to vulnerable library: /Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/packages/jQuery.UI.Combined.1.8.24/jQuery.UI.Combined.1.8.24.nupkg

Dependency Hierarchy:

• :x: jquery.ui.combined.1.8.24.nupkg (Vulnerable Library)

Found in HEAD commit: ac1c6324d66f6592541630cad9e7ea4d6b5cb2a4

Vulnerability Details

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

Publish Date: 2014-11-24

URL: CVE-2010-5312

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2010-5312

Release Date: 2014-11-24

Fix Resolution: 1.10.0

---

Step up your Open Source Security Game with WhiteSource here