---
gem: jquery-ui-rails
framework: rails
cve: 2016-7103
date: 2016-08-27
url: https://github.com/jquery/api.jqueryui.com/issues/281
title: XSS Vulnerability on closeText option of Dialog jQuery UI

description: |
  Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might
  allow remote attackers to inject arbitrary web script or HTML via the
  closeText parameter of the dialog function.

cvss_v2: 4.3
cvss_v3: 6.1

patched_versions:
  - ">= 6.0.0"

related:
  url:
    - https://github.com/jquery/jquery-ui/pull/1635
    - https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/History.md#600