VDB
CVE-2012-6662
CVE-2012-6662
REJECTED
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
EPSS 7.05% · 91.7th percentile
Risk Scores
EPSS Score
7.05%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | jqueryui | 0 |
Exploit Intelligence
- https://github.com/jquery/jquery/issues/2432 (circl)
- RHSA-2015:0442 (circl)
- http://bugs.jqueryui.com/ticket/8861 (circl)
- jqueryui-cve20126662-xss(98697) (circl)
- [oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0 (circl)
- https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde (circl)
- RHSA-2015:1462 (circl)
- http://bugs.jqueryui.com/ticket/8859 (circl)
- 71107 (circl)
- [oss-security] 20141114 old CVE assignments for JQuery 1.10.0 (circl)
…and 1 more exploits
Timeline
- Nov 24, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 2, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 14, 2025 CVE Updated
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2012-6662 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2012-6662 third-party-advisory