jQuery UI – CVE-2016-7103

Description

Cytrix has detected that the version of jQuery UI in use is vulnerable to cross-site scripting (XSS) through the closeText parameter.
The issue is tracked as CVE-2016-7103.

By abusing the closeText parameter of the dialog function in jQuery UI, remote attackers can inject arbitrary web script or HTML.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2016-7103, update jQuery UI to version 1.12.0 or higher.
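
One way to verify the recommendation across a code base is to read the version out of each bundled jQuery UI file and compare it with 1.12.0. The following is an added example, not Cytrix or jQuery UI code; the function names are hypothetical, the banner strings are constructed samples, and treating 1.12.0 pre-releases as affected is a conservative assumption.

```javascript
// Added example: flag jQuery UI copies older than 1.12.0 (CVE-2016-7103).
const FIXED = [1, 12, 0]; // first fixed release, per the recommendation above

// Extract the version from a jQuery UI file banner. Two banner shapes are
// assumed: the bundle ("jQuery UI - v1.11.4 - <date>") and single-component
// files ("jQuery UI Dialog 1.11.4").
function extractJqueryUiVersion(source) {
  const re = /jQuery UI(?: [A-Za-z]+)*(?: - v| )(\d+\.\d+\.\d+(?:-[\w.]+)?)/;
  const m = re.exec(source);
  return m ? m[1] : null;
}

// True when the version sorts before 1.12.0. Components are compared as
// numbers, so "1.9.2" is correctly older than "1.12.0".
function isVulnerable(version) {
  const [core, pre] = version.split("-", 2);
  const parts = core.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  // Same numbers as 1.12.0: a beta/rc tag sorts before the final release,
  // so it is reported as affected (conservative assumption).
  return pre !== undefined;
}

// Check one file's contents; vulnerable is null when no banner is found,
// which should be reviewed by hand rather than assumed safe.
function checkSource(source) {
  const version = extractJqueryUiVersion(source);
  return { version, vulnerable: version === null ? null : isVulnerable(version) };
}

// Constructed sample inputs (not taken from a real scan).
const samples = {
  "vendor/jquery-ui.min.js": "/*! jQuery UI - v1.11.4 - 2015-03-11\n* http://jqueryui.com */",
  "lib/dialog.js": "/*!\n * jQuery UI Dialog 1.12.1\n * http://jqueryui.com\n */",
  "static/app.js": "(function(){ /* no banner */ })();",
};
for (const [file, src] of Object.entries(samples)) {
  const r = checkSource(src);
  console.log(file, r.version ?? "unknown", r.vulnerable);
}
```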

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103
https://cwe.mitre.org/data/definitions/79.html