id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,blockedby,blocking 15284,XSS Vulnerability on text options of jQuery UI datepicker,andycyork,,"similar to https://github.com/jquery/api.jqueryui.com/issues/281 but applies to the datepicker\\ **to recreate**\\ Create a new HTML page.\\ Inject this content into new page:\\ {{{ XSS in options of datepicker

Date:

}}} \\ on load, alerts are shown for appendText & buttonText\\ after clicking the input control, alerts are shown for closeText, currentText, prevText & nextText\\ \\ The scripted alerts should not be shown - an attacker can take advantage of injecting malicious XSS content into website.",bug,new,minor,none,ui.datepicker,1.12.1,,,,,