{ "id": "CVE-2016-7103", "sourceIdentifier": "cve@mitre.org", "published": "2017-03-15T16:59:00.173", "lastModified": "2023-06-22T19:50:11.053", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podr\u00eda permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro closeText de la funci\u00f3n dialog." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.10.0", "versionEndIncluding": "1.11.4", "matchCriteriaId": "C3528129-B978-4520-8569-126F9219D597" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "versionEndExcluding": "19.1", "matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.12.42", "matchCriteriaId": "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*", "matchCriteriaId": "747C7295-8731-4C59-BC81-CE60C4028C23" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndIncluding": "16.2", "matchCriteriaId": "6C060869-6873-4CC0-B140-C229818FDA5D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "17.0", "versionEndIncluding": "17.12.4", "matchCriteriaId": "E4F41053-5656-4017-918F-AD5F31DCA453" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding": "18.0", "versionEndIncluding": "18.8.4", "matchCriteriaId": "36FB86BE-67E5-4244-80B8-DBB54A4342F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "versionEndIncluding": "21.2", "matchCriteriaId": "0D9E0011-6FF5-4C90-9780-7A1297BB09BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" } ] } ] } ], "references": [ { "url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/104823", "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url": "https://github.com/jquery/api.jqueryui.com/issues/281", "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://jqueryui.com/changelog/1.12.0/", "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://nodesecurity.io/advisories/127", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20190416-0007/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.drupal.org/sa-core-2022-002", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.tenable.com/security/tns-2016-19", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] } ] }