Skip to main content

Search and Top Navigation

#8854 closed bug (notabug)

Opened November 26, 2012 02:08PM UTC

Closed November 26, 2012 03:46PM UTC

Last modified November 26, 2012 03:55PM UTC

Reflective XSS -

Reported by: omerta Owned by:
Priority: minor Milestone: 1.10.0
Component: ui.core Version: 1.9.1
Keywords: Cc:
Blocked by: Blocking:
Description is vulnerable to reflected XSS attacks:"><script>alert(document.domain);</script>

Verified on:

Google Chrome - Version 23.0.1271.64

Firefox 17.0


Attachments (0)
Change History (3)

Changed November 26, 2012 03:46PM UTC by scottgonzalez comment:1

resolution: → notabug
status: newclosed

Changed November 26, 2012 03:52PM UTC by omerta comment:2

Replying to [comment:1 scott.gonzalez]:

I do not understand why this was resolved to "notabug". It appears a GitHub issue was created for it, indicating that there is a vulnerability. Maybe it has to do with this being a vulnerability in the web application and not the jQuery API in general...

Changed November 26, 2012 03:55PM UTC by scottgonzalez comment:3

notabug means that the issue reported is not a bug in the code tracked by this bug tracker. This bug tracker is solely for the jQuery UI library, not for any associated sites, which is why I opened the issue on GitHub.

Thanks for reporting it.