VDB

DEBIAN-CVE-2021-41184

DEBIAN-CVE-2021-41184 PUBLISHED CVSS 6.099999904632568 MEDIUM

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:14jqueryui0, 0, 0
Debian:11otrs23.1.7+dfsg1-2, 4.0.11-1, 6.0.6-1
Debian:11jqueryui0, *, 1.12.1+dfsg-8
Debian:12jqueryui0, 0, 0
Debian:13jqueryui0, 0, 0

Timeline

  • Oct 26, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›