#2891 – 
Bug report
This issue has been closed with status "Closed" and resolution "NOT AN ISSUE".
Description

The TBG application is using a vulnerable library jQuery UI dialog, version 1.11.4, which is affected by the following vulnerabilities:

  1. GHSA-G8Q2-24JH-5HPC: High severity vulnerability that affects jquery-ui. Withdrawn, accidental duplicate publish. Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

  2. NODEJS:127: XSS in dialog closeText. Overview: Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elem...

  3. GHSA-HPCF-8VF9-Q4GJ: Moderate severity vulnerability that affects jquery-ui. Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

How to reproduce
Important details
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time No time estimated
People involved
Other details
  • Unknown