CVE-2022-31160

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions jQuery UI versions prior to 1.13.2

Description Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML:

<label>
  <input id="test-input">
  &lt;img src=x onerror="alert(1)"&gt;
</label>

and calling:

$( "#test-input" ).checkboxradio();
$( "#test-input" ).checkboxradio( "refresh" );

will turn the initial HTML into:

<label>
  <!-- some jQuery UI elements -->
  <input id="test-input">
  <img src=x onerror="alert(1)">
</label>

and the alert will get executed.

Recommendations To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the label in a span:

<label>
  <input id="test-input">
  <span>&lt;img src=x onerror="alert(1)"&gt;</span>
</label>

For versions prior to 1.13.2, update to jQuery UI 1.13.2 to patch the bug.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-6282

ALT-PU-2023-6850

CVE-2022-31160

DLA-3230-1

GHSA-H6GJ-6JJQ-H8G9

USN-5181-1

USN-6419-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Ubuntu

Jquery Ui

CVE-2022-31160

Weakness Enumeration

Related Identifiers

Affected Products

References · 41