jQuery-ui-dialog - XSS vulnerability under 1.10.0, closeText parameter

Impact area

Security

Severity

High

Affected element

ServiceNow: UI Script

Salesforce: Static Resource


Rule number

SN-JSL-016 (for ServiceNow)

SF-JSL-016 (for Salesforce)

Impact

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Remediation

Update jQuery to the latest version.

Time to fix

30 min
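
A sketch of the kind of check this rule describes, added here as an example and not the rule's actual implementation: it reads the jQuery UI version from a bundled UI Script or Static Resource and lists the lines where `closeText` is set from something other than a quoted literal. The function names and sample inputs are constructed, and it assumes the bundled file keeps its `jQuery UI - vX.Y.Z` release banner; 1.12.0 as the first unaffected release comes from the Impact text.

```javascript
// Added example: not the rule's actual implementation.
const FIXED = [1, 12, 0]; // first unaffected release, per the Impact text

// Constructed sample inputs (not taken from any real instance).
const SAMPLE_LIBRARY = "/*! jQuery UI - v1.11.4 - constructed sample banner */\n";
const SAMPLE_SCRIPT = [
  '$("#d").dialog({',
  '  title: "Notes",',
  "  closeText: params.label",
  "});",
  '$("#e").dialog({ closeText: "Close" });',
  '$("#d").dialog("option", "closeText", userInput);',
].join("\n");

// Assumption: the bundled file keeps its release banner ("jQuery UI - vX.Y.Z").
function bannerVersion(source) {
  const m = /jQuery UI\s*-\s*v(\d+)\.(\d+)\.(\d+)/.exec(source);
  return m ? m.slice(1, 4).map(Number) : null;
}

function isAffected(version) {
  for (let i = 0; i < FIXED.length; i++) {
    if (version[i] !== FIXED[i]) return version[i] < FIXED[i];
  }
  return false; // exactly the fixed release
}

// 1-based line numbers where closeText is set to anything but a quoted literal,
// in either the options-object form or the .dialog("option", ...) setter form.
function dynamicCloseText(source) {
  const forms = [/\bcloseText\s*:\s*([^,}]+)/, /["']closeText["']\s*,\s*([^)]+)/];
  const literal = /^(["'])[^"'\\]*\1$/;
  const hits = [];
  source.split("\n").forEach((line, i) => {
    for (const re of forms) {
      const m = re.exec(line);
      if (m && !literal.test(m[1].trim())) hits.push(i + 1);
    }
  });
  return hits;
}

function scan(source) {
  const v = bannerVersion(source);
  return { version: v && v.join("."), affected: v ? isAffected(v) : false,
           closeTextLines: dynamicCloseText(source) };
}

console.log(scan(SAMPLE_LIBRARY), scan(SAMPLE_SCRIPT));
```

Lines reported by `dynamicCloseText` are the ones to review first while an affected library version is still deployed.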




Last modified on Aug 19, 2020