{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-13T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/jquery/jquery/issues/2432"}, {"name": "RHSA-2015:0442", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.jqueryui.com/ticket/8861"}, {"name": "jqueryui-cve20126662-xss(98697)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98697"}, {"name": "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q4/616"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde"}, {"name": "RHSA-2015:1462", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.jqueryui.com/ticket/8859"}, {"name": "71107", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71107"}, {"name": "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q4/613"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6662", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/jquery/jquery/issues/2432", "refsource": "MISC", "url": "https://github.com/jquery/jquery/issues/2432"}, {"name": "RHSA-2015:0442", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"}, {"name": "http://bugs.jqueryui.com/ticket/8861", "refsource": "CONFIRM", "url": "http://bugs.jqueryui.com/ticket/8861"}, {"name": "jqueryui-cve20126662-xss(98697)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98697"}, {"name": "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q4/616"}, {"name": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde", "refsource": "CONFIRM", "url": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde"}, {"name": "RHSA-2015:1462", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"}, {"name": "http://bugs.jqueryui.com/ticket/8859", "refsource": "CONFIRM", "url": "http://bugs.jqueryui.com/ticket/8859"}, {"name": "71107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71107"}, {"name": "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q4/613"}, {"name": "https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e", "refsource": "CONFIRM", "url": "https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:36:02.237Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jquery/jquery/issues/2432"}, {"name": "RHSA-2015:0442", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.jqueryui.com/ticket/8861"}, {"name": "jqueryui-cve20126662-xss(98697)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98697"}, {"name": "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q4/616"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde"}, {"name": "RHSA-2015:1462", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.jqueryui.com/ticket/8859"}, {"name": "71107", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71107"}, {"name": "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q4/613"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6662", "datePublished": "2014-11-24T16:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T21:36:02.237Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jqueryui:jquery_ui:1.10.0:rc1:*:*:*:jquery:*:*", "matchCriteriaId": "458843F0-2EAD-4E60-B3A6-6859A690173C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la opci\u00f3n de contenido por defecto en jquery.ui.tooltip.js en el widget Tooltip en jQuery UI anterior a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTMl arbitrarios a trav\u00e9s del atributo del t\u00edtulo, lo cual no se maneja debidamente en la demostraci\u00f3n de cuadros combinados del autocompletado."}], "id": "CVE-2012-6662", "lastModified": "2018-07-14T01:29:00.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-11-24T16:59:01.993", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.jqueryui.com/ticket/8859"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.jqueryui.com/ticket/8861"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2014/q4/613"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2014/q4/616"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71107"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98697"}, {"source": "cve@mitre.org", "tags": ["Patch", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde"}, {"source": "cve@mitre.org", "url": "https://github.com/jquery/jquery/issues/2432"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1462", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "ipa-0:3.0.0-47.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-21T00:00:00Z"}, {"advisory": "RHSA-2015:0442", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ipa-0:4.1.0-18.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "jquery-ui: XSS vulnerability in default content in Tooltip widget", "id": "1166064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166064"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."], "name": "CVE-2012-6662", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-ui-rails", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "python-sphinx", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "python-sphinx", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "yelp-xsl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-ui-rails", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "ror40-rubygem-jquery-rails", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-jquery-rails", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2012-11-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-6662\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6662"], "threat_severity": "Moderate", "upstream_fix": "jQuery UI 1.10.0"}