Added template for CVE-2021-41182

[aredspy]

Template / PR Information

Created template for CVE-2021-41182 (JQueryUI XSS)
References:

• https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/
• PoC: GHSA-9gj3-hwp5-pmwc
• https://nvd.nist.gov/vuln/detail/CVE-2021-41182
• Increase Coverage of Trending CVEs #7551

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details

Template lists datepicker elements that run an alert script via the "altField" option in JQueryUI < 1.13.0
As such, datepicker elements that do not use the "altField" option are safe.
Using JQuery UI >= 1.13.0 changes how datepicker treats the "altField" option which prevents code execution.

Sample output on a test page:

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[GeorginaReeder]

Thanks for your contribution @aredspy , we appreciate it! :)

[dwisiswant0]

Hey @aredspy - how did you set up everything? I can't validate it on my end.

<!DOCTYPE html><html lang="en"><head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>jQuery UI Datepicker</title>
  <link rel="stylesheet" href="https://code.jquery.com/ui/1.12.0/themes/base/jquery-ui.css">
  <script src="https://code.jquery.com/jquery-3.7.1.js"></script>
  <script src="https://code.jquery.com/ui/1.12.0/jquery-ui.js"></script>
  <script>
  $(function() {
    $( "#datepicker" ).datepicker({
      altField: "#actualDate"
    });
  });
  </script>
</head>
<body>
<p>Date: <input type="text" id="datepicker"></p>
<input type="text" id="actualDate">
</body></html>

> window.$.datepicker._getInst(document.getElementsByClassName('hasDatepicker')[0]).settings.altField
#actualDate