Vulnerability Details : CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Vulnerability category: Cross site scripting (XSS)
Threat overview for CVE-2016-7103
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2016-7103: 12,198
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7103
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~73%
CVSS scores for CVE-2016-7103
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST |
CWE ids for CVE-2016-7103
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7103
- http://rhn.redhat.com/errata/RHSA-2016-2932.html
  RHSA-2016:2932 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuapr2020.html
  Oracle Critical Patch Update Advisory - April 2020 [Third Party Advisory]
- https://www.drupal.org/sa-core-2022-002
  Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002 | Drupal.org [Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
  Page not found | Oracle [Patch; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
  [SECURITY] Fedora 36 Update: drupal7-7.92-1.fc36 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Oracle Critical Patch Update - July 2019 [Patch; Third Party Advisory]
- https://www.oracle.com//security-alerts/cpujul2021.html
  Oracle Critical Patch Update Advisory - July 2021 [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujan2022.html
  Oracle Critical Patch Update Advisory - January 2022 [Third Party Advisory]
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
  Dependencies used by Drill contain known vulnerabilities - Apache Mail Archives [Mailing List; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-2933.html
  RHSA-2016:2933 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
  [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Apache Mail Archives [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/
  [SECURITY] Fedora 30 Update: rubygem-jquery-ui-rails-6.0.1-1.fc30 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
  [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities - Apache Mail Archives [Mailing List; Third Party Advisory]
- https://github.com/jquery/api.jqueryui.com/issues/281
  XSS Vulnerability on closeText option of Dialog jQuery UI · Issue #281 · jquery/api.jqueryui.com · GitHub [Exploit; Issue Tracking; Patch; Third Party Advisory]
- https://www.tenable.com/security/tns-2016-19
  [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® [Third Party Advisory]
- https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6
  Dialog: Escape closeText option before passing it to button · jquery/jquery-ui@9644e7b · GitHub [Patch; Third Party Advisory]
- https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
  [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js - Apache Mail Archives [Mailing List; Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuApr2021.html
  Oracle Critical Patch Update Advisory - April 2021 [Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
  [SECURITY] Fedora 35 Update: drupal7-7.92-1.fc35 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://jqueryui.com/changelog/1.12.0/
  jQuery UI 1.12.0 Changelog | jQuery UI [Release Notes; Vendor Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Oracle Critical Patch Update - April 2019 [Patch; Third Party Advisory]
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 - Apache Mail Archives [Mailing List; Third Party Advisory]
- https://nodesecurity.io/advisories/127
  npm [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html
  [SECURITY] [DLA-2889-1] drupal7 security update [Mailing List; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2017-0161.html
  RHSA-2017:0161 - Security Advisory - Red Hat Customer Portal [Third Party Advisory; VDB Entry]
- https://security.netapp.com/advisory/ntap-20190416-0007/
  September 2018 jQuery Vulnerabilities in NetApp Products | NetApp Product Security [Third Party Advisory]
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  CPU July 2018 [Patch; Third Party Advisory]
- http://www.securityfocus.com/bid/104823
  Oracle Primavera Unifier Multiple Security Vulnerabilities [Broken Link; Third Party Advisory; VDB Entry]
Products affected by CVE-2016-7103
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*