VYPR
Moderate severityNVD Advisory· Published Oct 26, 2021· Updated Feb 13, 2025

XSS in `*Text` options of the Datepicker widget

CVE-2021-41183

Description

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jquery-uinpm
< 1.13.01.13.0
org.webjars.npm:jquery-uiMaven
< 1.13.01.13.0
jquery-ui-railsRubyGems
< 7.0.07.0.0
jQuery.UI.CombinedNuGet
< 1.13.01.13.0

Affected products

51

Patches

Vulnerability mechanics

References

32

News mentions

0

No linked articles in our index yet.