jQuery UI – CVE-2022-31160

Description

Kayran has detected that the version of jQuery UI being used is potentially vulnerable to cross-site scripting. Also known as CVE-2022-31160.
Initializing a “checkboxradio” widget on a certain input enclosed within a label may lead to the parent label contents being considered as the input label itself.

By calling “refresh” on this widget and the HTML contents, will lead to encrypted information being decrypted and presented to the attacker.

Successful exploitation of this vulnerability could lead to sensitive information being exposed/disclosed.
This will allow the attacker to add and modify the data.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2022-31160, update the jQuery UI version being used to 1.13.2 or higher.
Also, it’s recommended to change the initial HTML by wrapping all the non-input contents of the
“label” in a “span” tag.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »