Home > Vulnerability Database > CVE-2012-6662

Mend.io Vulnerability Database

CVE-2012-6662

Good to know:

Date: November 24, 2014

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Language: C#

Severity Score

3.7

Related Resources (17)

Url: https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e

Url: https://github.com/jquery/jquery

Url: https://github.com/jquery/jquery/issues/2432

Url: http://www.securityfocus.com/bid/71107

Url: http://bugs.jqueryui.com/ticket/8861

Url: http://rhn.redhat.com/errata/RHSA-2015-0442.html

Url: https://access.redhat.com/security/cve/CVE-2012-6662

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/98697

Url: http://rhn.redhat.com/errata/RHSA-2015-1462.html

Url: http://bugs.jqueryui.com/ticket/8859

Url: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-6662

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2012-6662.yml

Url: https://github.com/advisories/GHSA-qqxp-xp9v-vvx6

Url: http://seclists.org/oss-sec/2014/q4/616

Url: http://seclists.org/oss-sec/2014/q4/613

Url: https://www.mend.io/vulnerability-database/CVE-2012-6662

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 1.10.0

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-6662

Good to know:

Date: November 24, 2014

Language: C#

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?