jQuery UI – CVE-2022-31160

Description

Kayran has detected that the version of jQuery UI being used is potentially vulnerable to cross-site scripting. Also known as CVE-2022-31160.
Initializing a “checkboxradio” widget on a certain input enclosed within a label may lead to the parent label contents being considered as the input label itself.

By calling “refresh” on this widget and the HTML contents, will lead to encrypted information being decrypted and presented to the attacker.

Successful exploitation of this vulnerability could lead to sensitive information being exposed/disclosed.
This will allow the attacker to add and modify the data.

Recommendation

To fix CVE-2022-31160, update the jQuery UI version being used to 1.13.2 or higher.
Also, it’s recommended to change the initial HTML by wrapping all the non-input contents of the
“label” in a “span” tag.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »