cve/CVE-2021-41183.md at b50325b7a339fb96f218f7b1a001c5a2ad067468

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

POC

Reference

https://www.drupal.org/sa-contrib-2022-004
https://www.drupal.org/sa-core-2022-001
https://www.drupal.org/sa-core-2022-002
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ChamalBandara/CVEs
https://github.com/amakhu/cdp
https://github.com/cve-sandbox/jquery-ui
https://github.com/jev770/badmoodle-scan
https://github.com/marksowell/retire-html-parser
https://github.com/planningcenter/bundle-audit-action

1.5 KiB Raw Blame History

CVE-2021-41183

Description

POC

Reference

Github

1.5 KiB

Raw Blame History