CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
We have discovered 356,530 live websites that are affected by CVE-2012-6662.
Affected Software
| Product |  jQuery UI |
| Category | JavaScript Libraries |
| Vulnerable Domains | 356,530 live websites (7.24% of jQuery UI install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 65 versions ( 56.03% of all versions) |
Details
- Published - Nov 25, 2014
- Updated - Aug 6, 2024
CVE References
CVE-2012-6662 usage by Country
 United States | 114,460 websites |
 Germany | 33,325 websites |
 France | 22,402 websites |
 Russia | 21,865 websites |
 Netherlands | 11,705 websites |
 Japan | 11,432 websites |
 Czech Republic | 11,328 websites |
 Poland | 10,978 websites |
 GB | 10,785 websites |
 Italy | 7,151 websites |
CVE-2012-6662 usage by TLD
| .com | 139,370 websites |
| .ru | 19,272 websites |
| .de | 18,949 websites |
| .org | 14,001 websites |
| .net | 11,360 websites |
| .pl | 9,918 websites |
| .cz | 9,910 websites |
| .nl | 9,477 websites |
| .fr | 8,549 websites |
| .co.uk | 7,871 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2012-6662
Top websites that are affected by CVE-2012-6662. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| *********************.de | Germany | *,*** | |
| ******.***.***.cn |  China | *,*** | |
| ****.***********.pl | Poland | *,*** | |
| *******.org | United States | *,*** | |
| ************.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ***.int |  Switzerland | *,*** | |
| *********.de | Germany | *,*** | |
| ********.com | United States | *,*** |
FAQ
A total of 356,530 websites have been identified as vulnerable to CVE-2012-6662, discovered through global website indexing conducted by WebTechSurvey.
jQuery UI is susceptible to CVE-2012-6662 vulnerability.
jQuery UI versions before 1.10 are vulnerable to CVE-2012-6662.
Version 1.10 of jQuery UI addresses the CVE-2012-6662 security vulnerability.
References
- https://github.com/jquery/jquery/issues/2432
- http://rhn.redhat.com/errata/RHSA-2015-0442.html
- http://bugs.jqueryui.com/ticket/8861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98697
- http://seclists.org/oss-sec/2014/q4/616
- https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
- http://rhn.redhat.com/errata/RHSA-2015-1462.html
- http://bugs.jqueryui.com/ticket/8859
- http://www.securityfocus.com/bid/71107
- http://seclists.org/oss-sec/2014/q4/613
- https://github.com/jquery/jquery-ui/commit/5fee6fd5000072ff32f2d65b6451f39af9e0e39e