CVE-2012-6662: XSS

Published Nov 24, 2014
·
Updated

Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

Affected Software

9 affected componentsFixes available
nuget/jQuery.UI.Combined<1.10.0
1.10.0
maven/org.webjars.npm:jquery-ui<1.10.0
1.10.0
rubygems/jquery-ui-rails<4.0.0
4.0.0
npm/jquery-ui<1.10.0
1.10.0
redhat Enterprise Linux Desktop=7.0
redhat Enterprise Linux Hpc Node=7.0
redhat Enterprise Linux Server=7.0
redhat Enterprise Linux Workstation=7.0
jqueryui Jquery Ui Jquery=1.10.0-rc1

Remediation

Patch Available

https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e

Patch Available

https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

Event History

Nov 24, 2014
CVE Published
via MITRE·04:00 PM
Data Sourced
via MITRE·04:00 PM
Description
Oct 24, 2017
Advisory Published
06:33 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2012-6662?

CVE-2012-6662 has a medium severity rating due to its potential for cross-site scripting attacks.

2

How do I fix CVE-2012-6662?

To remediate CVE-2012-6662, upgrade to jQuery UI version 1.10.0 or later.

3

What causes the vulnerability in CVE-2012-6662?

The vulnerability in CVE-2012-6662 is caused by improper handling of the title attribute in the tooltip functionality of jQuery UI.

4

Which software is affected by CVE-2012-6662?

CVE-2012-6662 affects versions of jQuery UI prior to 1.10.0 and various packages such as jQuery.UI.Combined and jquery-ui-rails.

5

Is there a known exploit for CVE-2012-6662?

Yes, CVE-2012-6662 can be exploited by remote attackers injecting arbitrary web scripts through the title attribute.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203