Security Bulletin: jQuery UI title/default content cross-site scripting (CVE-2012-6662 and CVE-2010-5312) : Aspera Support

The jQuery UI is vulnerable to cross-site scripting, which is caused by improper validation of user-supplied input as well as input by the default content. A remote attacker could exploit this vulnerability using the title parameter in a specially-crafted URL...

from IBM Product Security Incident Response Team http://ift.tt/1bmIU97