CVE-ID: CVE-2021-41182, CVE-2021-41183 JavaScript libraries (jQuery UI Datepicker 1.12.1)

Article ID: 275015

Products

CA Identity Suite

Issue/Introduction

Information on Vulnerabilities CVE-ID: CVE-2021-41182, CVE-2021-41183

Vulnerable JavaScript libraries

You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library. See the attack details and web references for more information about the affected library and reported vulnerabilities.

Detail
jQuery UI Datepicker 1.12.1
URL: https://iptest.domain.com/sigma/app/index
Detection method: The library name and version were determined based on its dynamic behavior.
CVE-ID: CVE-2021-41182, CVE-2021-41183
Description: XSS in Datepicker widget 'altField' option / XSS in '*Text' Datepicker widget options

Update to the latest version.

The required action in this case is to update "jQuery UI Datepicker 1.12.1" to the latest version.

Example of information obtained from https://<Portalhost>/sigma/app/index

Environment

Release: 14.4, 14.5

Resolution

The reported vulnerability is taken care of by the IP UI framework design, so there is no impact on IP from this vulnerability. However, as part of the upgrade of third-party libraries, we will be updating the jQuery UI Datepicker version to 1.13.2 in upcoming releases.
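A scanner finding like the one above can be triaged in your own pages by checking the loaded version and whether the options named in the description ('altField' and the '*Text' options) receive untrusted values. The following is an added example, not Broadcom or jQuery UI code: all function names and the sample options are hypothetical, and it assumes jQuery UI 1.13.0 is the first release containing both fixes, which this article does not state.

```javascript
// Added example, not Broadcom or jQuery UI code; all names are hypothetical.
// Assumption (not on this page): jQuery UI 1.13.0 is the first release that
// fixes CVE-2021-41182 and CVE-2021-41183.
const FIXED_IN = "1.13.0";

// Parse "1.12.1" into [1, 12, 1]; null for anything else (pre-releases too).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version predates the fix. An unparseable version counts as
// affected so that it gets reviewed instead of silently passing.
function isAffectedVersion(v) {
  const a = parseVersion(v), f = parseVersion(FIXED_IN);
  if (!a) return true;
  for (let i = 0; i < 3; i++) if (a[i] !== f[i]) return a[i] < f[i];
  return false;
}

// Options named in the scanner description: 'altField' and the '*Text' options.
function isNamedOption(name) {
  return name === "altField" || /Text$/.test(name);
}

// options: the object passed to .datepicker(...).
// untrustedKeys: option names whose values are built from user-controlled
// data; the reviewer supplies this from knowledge of the call site.
function triage(version, options, untrustedKeys) {
  const affected = isAffectedVersion(version);
  // Flag a named option if it is untrusted or its value already holds markup.
  const review = Object.keys(options).filter(isNamedOption).filter(
    (k) => untrustedKeys.includes(k) || /[<>]/.test(String(options[k])));
  let verdict = "not affected";
  if (affected) verdict = review.length ? "review call site, then upgrade" : "upgrade";
  return { affected, review, verdict };
}

// Constructed sample options, not taken from the product.
const SAMPLE_OPTIONS = {
  dateFormat: "yy-mm-dd",
  altField: "#hiddenDate",
  closeText: "Done",
  buttonText: "Pick a date", // in this sample, built from a profile field
};

function demo() { return triage("1.12.1", SAMPLE_OPTIONS, ["buttonText"]); }
console.log(demo());
```

In a browser console, the version string to pass in can be read from `$.ui.version` on the page the scanner flagged.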