{"id":"CVE-2016-7103","details":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.","aliases":["GHSA-hpcf-8vf9-q4gj"],"modified":"2026-07-08T05:50:01.080170124Z","published":"2017-03-15T16:59:00.173Z","related":["SUSE-SU-2017:2351-1","openSUSE-SU-2024:11214-1","openSUSE-SU-2024:14131-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","cpes":["cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"],"extracted_events":[{"fixed":"19.1"}],"vendor_product":"oracle:application_express"},{"cpes":["cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE","extracted_events":[{"fixed":"2.12.42"}],"vendor_product":"oracle:oss_support_tools"},{"cpes":["cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE","extracted_events":[{"introduced":"16.0"},{"last_affected":"16.2"},{"introduced":"17.0"},{"last_affected":"17.12.4"},{"introduced":"18.0"},{"last_affected":"18.8.4"}],"vendor_product":"oracle:primavera_unifier"},{"source":"CPE_RANGE","cpes":["cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"21.2"}],"vendor_product":"oracle:siebel_ui_framework"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"9.0"},{"last_affected":"9.0"}],"vendor_product":"debian:debian_linux"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"30"},{"last_affected":"30"},{"introduced":"35"},{"last_affected":"35"},{"introduced":"36"},{"last_affected":"36"}],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*"],"extracted_events":[{"introduced":"21.2-NA"},{"last_affected":"21.2-NA"}],"vendor_product":"juniper:junos"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"],"extracted_events":[{"introduced":"12.2.1.3.0"},{"last_affected":"12.2.1.3.0"},{"introduced":"12.2.1.4.0"},{"last_affected":"12.2.1.4.0"}],"vendor_product":"oracle:business_intelligence"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"9.0.11"},{"last_affected":"9.0.11"}],"vendor_product":"oracle:hospitality_cruise_fleet_management"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"2.12.42"},{"last_affected":"2.12.42"}],"vendor_product":"oracle:oss_support_tools"},{"cpes":["cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"10.3.6.0.0"},{"last_affected":"10.3.6.0.0"},{"introduced":"12.1.3.0.0"},{"last_affected":"12.1.3.0.0"},{"introduced":"12.2.1.3.0"},{"last_affected":"12.2.1.3.0"}],"vendor_product":"oracle:weblogic_server"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.0"},{"last_affected":"7.0"},{"introduced":"8"},{"last_affected":"8"},{"introduced":"9"},{"last_affected":"9"}],"vendor_product":"redhat:openstack"}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2932.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2933.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0161.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104823"},{"type":"ADVISORY","url":"https://jqueryui.com/changelog/1.12.0/"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"},{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/127"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0007/"},{"type":"ADVISORY","url":"https://www.drupal.org/sa-core-2022-002"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2016-19"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"FIX","url":"https://github.com/jquery/api.jqueryui.com/issues/281"},{"type":"FIX","url":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jquery/jquery-ui","events":[{"introduced":"0477890e2ccf93f3aaf5ca324ff7489381b35681"},{"last_affected":"d6713024e16de90ea71dc0544ba34e1df01b4d8a"},{"fixed":"9644e7bae9116edaf8d37c5b38cb32b892f10ff6"}],"database_specific":{"cpe":"cpe:2.3:a:jqueryui:jquery_ui:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"1.10.0"},{"last_affected":"1.11.4"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7103.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}