Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2012-6662

CVE-2012-6662:
jquery-ui Tooltip widget vulnerable to XSS

4.3

CVSS Score

Basic Information

CVE ID
CVE-2012-6662
GHSA ID
GHSA-qqxp-xp9v-vvx6
EPSS Score
-
CWE
CWE-79
Published
10/24/2017
Updated
11/9/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
jquery-uinpm< 1.10.01.10.0
jquery-ui-railsrubygems< 4.0.04.0.0
org.webjars.npm:jquery-uimaven< 1.10.01.10.0
jQuery.UI.Combinednuget< 1.10.01.10.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patches provided show that the XSS vulnerability was fixed by modifying how the Tooltip widget handles its content, specifically by escaping the title attribute. The function directly related to this fix is within the $.ui.tooltip widget, likely the _content method or similar.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* (XSS) vuln*r**ility in t** ****ult *ont*nt option in jqu*ry.ui.tooltip.js in t** Tooltip wi***t in jQu*ry UI ***or* *.**.* *llows r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML vi* t** titl* *ttri*ut*, w*i** is not prop*

Reasoning

T** p*t***s provi*** s*ow t**t t** XSS vuln*r**ility w*s *ix** *y mo*i*yin* *ow t** Tooltip wi***t **n*l*s its *ont*nt, sp**i*i**lly *y *s**pin* t** titl* *ttri*ut*. T** *un*tion *ir**tly r*l*t** to t*is *ix is wit*in t** $.ui.tooltip wi***t, lik*ly