CVE-2012-6662 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-6662 Interim 1 2 2024-06-12T02:01:00Z current 2023-10-31T01:46:12Z 2024-06-12T02:01:00Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-6662 Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 ipa-admintools-4.1.0-18.el7 ipa-client-4.1.0-18.el7 ipa-python-4.1.0-18.el7 ipa-server-4.1.0-18.el7 ipa-server-trust-ad-4.1.0-18.el7 ipa-admintools-4.1.0-18.el7 as a component of SUSE Liberty Linux 7 ipa-client-4.1.0-18.el7 as a component of SUSE Liberty Linux 7 ipa-python-4.1.0-18.el7 as a component of SUSE Liberty Linux 7 ipa-server-4.1.0-18.el7 as a component of SUSE Liberty Linux 7 ipa-server-trust-ad-4.1.0-18.el7 as a component of SUSE Liberty Linux 7 Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. CVE-2012-6662 SUSE Liberty Linux 7:ipa-admintools-4.1.0-18.el7 SUSE Liberty Linux 7:ipa-client-4.1.0-18.el7 SUSE Liberty Linux 7:ipa-python-4.1.0-18.el7 SUSE Liberty Linux 7:ipa-server-4.1.0-18.el7 SUSE Liberty Linux 7:ipa-server-trust-ad-4.1.0-18.el7 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N