Candidate: CVE-2012-6662
PublicDate: 2014-11-24 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6662
Description:
 Cross-site scripting (XSS) vulnerability in the default content option in
 jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0
 allows remote attackers to inject arbitrary web script or HTML via the
 title attribute, which is not properly handled in the autocomplete combo
 box demo.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.jqueryui.com/ticket/8861
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_jqueryui:
 upstream: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
upstream_jqueryui: needs-triage
lucid_jqueryui: ignored (reached end-of-life)
precise_jqueryui: not-affected (code not present)
trusty_jqueryui: not-affected (1.10.1+dfsg-1)
trusty/esm_jqueryui: not-affected (1.10.1+dfsg-1)
utopic_jqueryui: not-affected (1.10.1+dfsg-1)
devel_jqueryui: not-affected (1.10.1+dfsg-1)