jQuery UI – CVE-2022-31160

Description

Kayran has detected that the version of jQuery UI in use is potentially vulnerable to cross-site scripting, tracked as CVE-2022-31160.
Initializing a “checkboxradio” widget on a certain input enclosed within a label may cause the parent label's contents to be treated as the input's own label.

Calling “refresh” on this widget with such HTML contents will lead to encrypted information being decrypted and presented to the attacker.

Successful exploitation of this vulnerability could lead to sensitive information being exposed or disclosed.
It would also allow the attacker to add and modify data.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To fix CVE-2022-31160, update the jQuery UI version being used to 1.13.2 or higher.
It is also recommended to change the initial HTML by wrapping all the non-input contents of the “label” in a “span” tag.
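To find markup that still has the shape described above before applying the recommendation, the following audit helper (an added example, not part of jQuery UI or Kayran; the `LabelAuditor` class, `find_unwrapped_labels` function and the sample markup are constructed for this illustration) scans HTML for labels that enclose a checkbox or radio input together with text or markup that is not wrapped in a span:

```python
from html.parser import HTMLParser

VOID = {"input", "br", "img", "hr"}   # elements that never get an end tag

class LabelAuditor(HTMLParser):
    """Hypothetical audit helper: flags <label> elements that contain a checkbox/radio
    <input> plus text or markup not wrapped in a <span>, the shape to change."""

    def __init__(self):
        super().__init__()
        self.stack = []      # one frame per currently open <label>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "label":
            self.stack.append({"line": self.getpos()[0], "input": False,
                               "unwrapped": False, "depth": 0, "text": ""})
            return
        if not self.stack:
            return
        frame = self.stack[-1]
        if tag == "input":
            if (dict(attrs).get("type") or "").lower() in ("checkbox", "radio"):
                frame["input"] = True
            return
        if frame["depth"] == 0 and tag != "span":
            frame["unwrapped"] = True       # non-span element directly under the label
        if tag not in VOID:
            frame["depth"] += 1

    def handle_data(self, data):
        if self.stack:
            frame = self.stack[-1]
            frame["text"] += data
            if frame["depth"] == 0 and data.strip():
                frame["unwrapped"] = True   # bare text directly under the label

    def handle_endtag(self, tag):
        if tag == "label" and self.stack:
            frame = self.stack.pop()
            if frame["input"] and frame["unwrapped"]:
                self.findings.append({"line": frame["line"],
                                      "text": " ".join(frame["text"].split())})
        elif self.stack and tag not in VOID:
            self.stack[-1]["depth"] = max(0, self.stack[-1]["depth"] - 1)

def find_unwrapped_labels(html):
    """Return the labels in `html` whose non-input content is not wrapped in a span."""
    auditor = LabelAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the first label has the risky shape, the second follows the
# recommendation, the third wraps a text input and is out of scope.
SAMPLE = """<label>
  <input type="checkbox" id="c1"> Accept the <b>terms</b>
</label>
<label><input type="radio" name="r" id="r1"> <span>Option <b>A</b></span></label>
<label for="name">Name <input type="text" id="name"></label>"""

if __name__ == "__main__":
    for f in find_unwrapped_labels(SAMPLE):
        print(f"line {f['line']}: label '{f['text']}' needs its non-input content in a <span>")
```

Run it over template files or rendered pages; each finding names the label text so the markup can be rewrapped, but it is a heuristic over static markup and does not see labels built at runtime.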

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

https://cwe.mitre.org/data/definitions/79.html
