CVE-2022-31160
jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
jQuery UI es un conjunto curado de interacciones de interfaz de usuario, efectos, widgets y temas construidos sobre jQuery. Las versiones anteriores a 1.13.2, son potencialmente vulnerables a un ataque de tipo cross-site scripting. La inicialización de un widget checkboxradio en una entrada encerrada dentro de una etiqueta hace que el contenido de la etiqueta padre sea considerado como la etiqueta de entrada. Llamar a ".checkboxradio("refresh" )" en un widget de este tipo y que el HTML inicial contenga entidades HTML codificadas hará que sean decodificadas erróneamente. Esto puede conllevar a una posible ejecución de código JavaScript. El error ha sido parcheado en jQuery UI 1.13.2. Para remediar el problema, alguien que pueda cambiar el HTML inicial puede envolver todo el contenido que no sea de entrada de la "label" en un "span"
Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-05-18 CVE Reserved
- 2022-07-20 CVE Published
- 2025-04-22 CVE Updated
- 2025-04-22 First Exploit
- 2025-05-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20220909-0007 | Third Party Advisory |
|
| https://www.drupal.org/sa-contrib-2022-052 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9 | 2025-04-22 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Jqueryui Search vendor "Jqueryui" | Jquery Ui Search vendor "Jqueryui" for product "Jquery Ui" | < 1.13.2 Search vendor "Jqueryui" for product "Jquery Ui" and version " < 1.13.2" | jquery |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight" | - | - |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Jquery Ui Checkboxradio Search vendor "Drupal" for product "Jquery Ui Checkboxradio" | 8.x-1.0 Search vendor "Drupal" for product "Jquery Ui Checkboxradio" and version "8.x-1.0" | drupal |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Jquery Ui Checkboxradio Search vendor "Drupal" for product "Jquery Ui Checkboxradio" | 8.x-1.1 Search vendor "Drupal" for product "Jquery Ui Checkboxradio" and version "8.x-1.1" | drupal |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Jquery Ui Checkboxradio Search vendor "Drupal" for product "Jquery Ui Checkboxradio" | 8.x-1.2 Search vendor "Drupal" for product "Jquery Ui Checkboxradio" and version "8.x-1.2" | drupal |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Jquery Ui Checkboxradio Search vendor "Drupal" for product "Jquery Ui Checkboxradio" | 8.x-1.3 Search vendor "Drupal" for product "Jquery Ui Checkboxradio" and version "8.x-1.3" | drupal |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||