Description
Cytrix has detected that the version of jQuery UI being used is vulnerable to Cross-site scripting (XSS).
This can be done by abusing the closeText parameter. Also known as CVE-2016-7103.
By abusing the closeText parameter of the dialog function in jQuery UI, remote attackers can inject arbitrary web scripts or any HTML.
Severity/Score
CVSS Version 3.x – 6.1 Medium
Recommendation
To fix CVE-2016-7103, update the version of the jQuery UI being used.
Make sure its version is 1.12.0 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103