CVE-2022-31160

Published: 20/07/2022 Updated: 07/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions before 1.13.2 are potentially vulnerable to cross-site scripting. When a checkboxradio widget is initialized on an input enclosed within a label, the contents of that parent label are treated as the input's label. If the initial HTML contained encoded HTML entities, calling `.checkboxradio( "refresh" )` on such a widget erroneously decodes them, which can lead to JavaScript code being executed. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, anyone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
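
The version boundary and the `span` workaround described above can be checked across templates before upgrading. This is an added example, not code from jQuery UI or the advisory: a heuristic Node.js audit that flags versions before 1.13.2 and labels that enclose an input while carrying encoded entities outside any child element. The function names and the sample markup are constructed, and the regex matching assumes simple, well-formed HTML without nested labels.

```javascript
// Added example (not jQuery UI code): heuristic audit for CVE-2022-31160 exposure.

// True when a jQuery UI version string is older than the patched 1.13.2.
function isAffectedVersion(version) {
  const fixed = [1, 13, 2];
  const parts = version.split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== fixed[i]) return a < fixed[i];
  }
  return false; // exactly 1.13.2
}

// Returns the loose (unwrapped) text of every <label> that encloses an <input>
// and has encoded HTML entities sitting directly in the label, outside any element.
function findRiskyLabels(html) {
  const risky = [];
  const labelRe = /<label\b[^>]*>([\s\S]*?)<\/label>/gi;
  let m;
  while ((m = labelRe.exec(html)) !== null) {
    const inner = m[1];
    if (!/<input\b/i.test(inner)) continue; // input not enclosed: pattern does not apply
    const looseText = inner
      .replace(/<input\b[^>]*>/gi, "")               // drop the input itself
      .replace(/<(\w+)\b[^>]*>[\s\S]*?<\/\1>/gi, "") // drop child elements such as <span>
      .trim();
    if (/&(?:#x?[0-9a-f]+|[a-z]+);/i.test(looseText)) risky.push(looseText);
  }
  return risky;
}

// Constructed sample markup: unwrapped text, span-wrapped text, and a label
// that references its input with "for" instead of enclosing it.
const SAMPLE = `
<label><input type="checkbox" name="a"> Show &lt;b&gt; tags</label>
<label><input type="checkbox" name="b"> <span>Show &lt;b&gt; tags</span></label>
<label for="c">Plain &lt;label&gt;</label><input type="checkbox" id="c">
`;

console.log("1.13.1 affected:", isAffectedVersion("1.13.1"));
console.log("labels to wrap in a span:", findRiskyLabels(SAMPLE));
```

Only the first label in the sample is reported; the second already applies the workaround and the third does not enclose its input.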

Vulnerable Product

jqueryui jquery ui

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp oncommand insight -

drupal jquery ui checkboxradio 8.x-1.2

drupal jquery ui checkboxradio 8.x-1.1

drupal jquery ui checkboxradio 8.x-1.0

drupal jquery ui checkboxradio 8.x-1.3

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1015982 jqueryui: CVE-2022-31160. Package: src:jqueryui; Maintainer for src:jqueryui is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 24 Jul 2022 18:27:01 UTC; Severity: important; Tags: security R ...
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( ...

Github Repositories

Case-Study-Report-Sab'a

Group Member Details

| No | Names | Matric No |
|---|---|---|
| 1 | AMEER AL-WAFIQ BIN NORAZAM | 2119005 |
| 2 | SALSABILA TASYA HARRIS | 1914606 |
| 3 | ROBBANI GHOZI FIKRI | 1832765 |
| 4 | ABDUL RASHID BIN NUHAIRI | 1911767 |
| 5 | MD MOSTAFIZUR RAHMAN RAHAT | 1823811 |

Table of Contents

| No | Sub Content | Person in Charge |
|---|---|---|
| 10 | -- Brief Description | All |
| 20 | -- Objective | All |
| 30 | -- |