CVE-2016-7103 (Medium) detected in jquery-ui-1.8.23.min.js

[mend-bolt-for-github]

CVE-2016-7103 - Medium Severity Vulnerability

Vulnerable Library - jquery-ui-1.8.23.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.8.23/jquery-ui.min.js

Path to vulnerable library: /vendor/simplesamlphp/simplesamlphp/www/resources/jquery-ui-1.8.js

Dependency Hierarchy:

• ❌ jquery-ui-1.8.23.min.js (Vulnerable Library)

Found in HEAD commit: fd17359125e6714801096e1c3ae3b23131de8463

Vulnerability Details

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Publish Date: 2017-03-15

URL: CVE-2016-7103

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103

Release Date: 2017-03-15

Fix Resolution: jquery-ui - 1.12.0

---

Step up your Open Source Security Game with Mend here