Debian Security Advisory

DLA-258-1 jqueryui -- LTS security update

Date Reported:: 29 Jun 2015
Affected Packages:: jqueryui
Vulnerable:: Yes
Security database references:: In Mitre's CVE dictionary: CVE-2010-5312.
More information:: Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its title option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.