ignatandrei
WS-2013-0009 (Low) detected in jquery.ui.combined.1.8.24.nupkg, jquery.ui.combined.1.8.24.nupkg
WS-2013-0009 - Low Severity Vulnerability
Vulnerable Libraries - jquery.ui.combined.1.8.24.nupkg, jquery.ui.combined.1.8.24.nupkg
jquery.ui.combined.1.8.24.nupkg
The full jQuery UI library as a single combined file. Includes the base theme.
Library home page: https://api.nuget.org/packages/jquery.ui.combined.1.8.24.nupkg
Path to dependency file: /tmp/ws-scm/Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/ExportDemo2/packages.config
Path to vulnerable library: /Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/ExportDemo2/packages.config
Dependency Hierarchy:
- :x: jquery.ui.combined.1.8.24.nupkg (Vulnerable Library)
jquery.ui.combined.1.8.24.nupkg
jQuery UI is an open source library of interface components — interactions, full-featured widgets, a...
Library home page: https://api.nuget.org/packages/jquery.ui.combined.1.8.24.nupkg
Path to vulnerable library: /Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/packages/jQuery.UI.Combined.1.8.24/jQuery.UI.Combined.1.8.24.nupkg
Dependency Hierarchy:
- :x: jquery.ui.combined.1.8.24.nupkg (Vulnerable Library)
Found in HEAD commit: ac1c6324d66f6592541630cad9e7ea4d6b5cb2a4
Vulnerability Details
XSS vulnerability for applications with dynamic titles because title option is not properly escaped before being set in the dom in JQuery.ui.dialog before 1.10.0.
Publish Date: 2016-08-03
URL: WS-2013-0009
CVSS 2 Score Details (2.7)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://bugs.jqueryui.com/ticket/6016
Release Date: 2017-01-31
Fix Resolution: 1.10.0
Step up your Open Source Security Game with WhiteSource here
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "Published by a pub.dev verified publisher"){kind=small}