
FALSE POSITIVE - jquery-ui-dialog flagged as a potentially vulnerable library


Some penetration testing tools may flag OutSystems as having a vulnerable jquery-ui-dialog library.

OutSystems uses jquery-ui-dialog version 1.8.24. The vulnerability known to affect this version is CVE-2010-5312, which relates to the title() function potentially allowing unescaped content to be inserted into the title, causing a cross-site scripting (XSS) problem.


All uses of the affected function by OutSystems are done after properly encoding the input parameter. As such, it is our understanding that OutSystems is not vulnerable, despite this vulnerability still being present in jquery-ui-dialog.

For applications developed by our users that make use of this library, you should take care to properly encode the input to the title() function. Alternatively, you can import your own version of jquery-ui-dialog into a different namespace and use that version instead.
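
One way to apply the encoding advice above in application code, as an added example that is not OutSystems' own code. The helper names `encodeDialogTitle`, `withEncodedTitle` and `openDialog` are hypothetical, and the sample input is constructed.

```javascript
// Characters that let text break out of an HTML text or attribute context.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;"
};

// Hypothetical helper: HTML-encode a value destined for the dialog title.
// Intended for the 1.8.x library discussed here, which inserts the title as
// HTML; a library version that sets the title as text would display the
// entities literally.
function encodeDialogTitle(value) {
  // null/undefined become an empty title instead of the text "null"/"undefined".
  if (value === null || value === undefined) return "";
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical helper: copy the dialog options and encode only the title,
// leaving the caller's object untouched.
function withEncodedTitle(options) {
  const safe = Object.assign({}, options);
  if ("title" in safe) safe.title = encodeDialogTitle(safe.title);
  return safe;
}

// Hypothetical single choke point for opening dialogs. `$` is the jQuery
// object that carries the jquery-ui-dialog plugin; routing every call through
// here means no code path can pass an unencoded title.
function openDialog($, selector, options) {
  return $(selector).dialog(withEncodedTitle(options));
}

// Constructed sample: user-controlled text containing markup.
const untrustedTitle = 'Order <img src=x onerror=alert(1)> & "notes"';
const encodedTitle = encodeDialogTitle(untrustedTitle);
console.log(encodedTitle);
```

Encode exactly once, at the point where the value is handed to the dialog; encoding an already-encoded string turns `&lt;` into `&amp;lt;` and shows the entity text to the user.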