CVE-2022-31160
Severity
6.1 MEDIUM
EPSS
10.2%
top 6.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 20
Latest update: Oct 15
Description
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label causes the parent label's contents to be treated as the input label. If the initial HTML contained encoded HTML entities, calling `.checkboxradio( "refresh" )` on such a widget erroneously decodes them. This can lead to potentiall…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 9 packages
Also affects: Debian Linux 10.0, Fedora 35, 36, 37
Patches
Vulnerability Details (6)
CVEList: jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label (2022-07-20)
OSV: CVE-2022-31160: jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery (2022-07-20)
GHSA: jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label (2022-07-18)
Vendor Advisories (12)
Oracle: Oracle Financial Services Applications Risk Matrix: Installation (jQueryUI) — CVE-2022-31160 (2024-10-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Infrastructure (jQueryUI) — CVE-2022-31160 (2024-04-15)
Oracle: Oracle Communications Applications Risk Matrix: Billing Care (jQueryUI) — CVE-2022-31160 (2024-01-15)
Oracle: Oracle Construction and Engineering Risk Matrix: User Interface (jQueryUI) — CVE-2022-31160 (2023-10-15)