id summary reporter owner description type status priority milestone component version resolution keywords cc blockedby blocking 15284 XSS Vulnerability on text options of jQuery UI datepicker andycyork "similar to but applies to the datepicker\\ **to recreate**\\ Create a new HTML page.\\ Inject this content into new page:\\ {{{ XSS in options of datepicker


}}} \\ on load, alerts are shown for appendText & buttonText\\ after clicking the input control, alerts are shown for closeText, currentText, prevText & nextText\\ \\ The scripted alerts should not be shown - an attacker can take advantage of injecting malicious XSS content into website." bug closed minor none ui.datepicker 1.12.1 fixed