jQuery UI Checkboxradio - Moderately critical - Cross site scripting - SA-CONTRIB-2022-052

Project: jQuery UI CheckboxradioVersion: 8.x-1.38.x-1.28.x-1.18.x-1.0Date: 2022-August-10Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:UncommonVulnerability: Cross site scriptingDescription: jQuery UI is a third-party library used by Drupal. The jQuery UI Checkboxradio module provides the jQuery UI Checkboxradio library (which was previously in Drupal 8 core, but has since been removed from core and moved to this module).
As part of the jQuery UI 1.13.2 update, the jQuery UI project disclosed following security issue that may affect sites using the jQuery UI Checkboxradio module:

Solution: Install the latest version. If you use the jQuery UI Checkboxradio module for Drupal 9, upgrade to:

Reported By: 

  • Benji Fisher, provisional member of the Drupal Security Team

Fixed By: 

Coordinated By: 

  • xjm of the Drupal Security Team
Path to article https://www.drupal.org/sa-contrib-2022-052