CVE-2022-31160 @ Npm-jquery-ui-1.10.4

**Vulnerable Package** issue exists @ **Npm\-jquery\-ui\-1.10.4** in branch **main**

Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. This issue affects versions before 1.13.2.

**Namespace:** CxDemoInABoxRepos
**Repository:** Java-Webgoat
**Repository Url:** https://github.com/CxDemoInABoxRepos/Java-Webgoat
**CxAST\-Project:** CxDemoInABoxRepos/Java-Webgoat
**CxAST platform scan:** [54f047f8\-7049\-4205\-83b9\-9e21c75dc4c9](https://deu.ast.checkmarx.net/projects/26b3e443-162d-4768-a7fd-3d09781bac58/scans?id=54f047f8-7049-4205-83b9-9e21c75dc4c9&branch=main)
**Branch:** main
**Application:** Java-Webgoat
**Severity:** MEDIUM
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-79


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 1.13.2


----
**References**
[Advisory](https://github.com/advisories/GHSA-h6gj-6jjq-h8g9)
[Pull request](https://github.com/jquery/jquery-ui/pull/2102)
[Issue](https://github.com/jquery/jquery-ui/issues/2101)
[Commit](https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2022-31160 @ Npm-jquery-ui-1.10.4 #241

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2022-31160 @ Npm-jquery-ui-1.10.4 #241

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions