Description
Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160
Proof of Concept
- Go to https://demo.limesurvey.org/tmp/assets/15bf41ab/jquery-ui.min.js and note that jquery-ui 1.13.1 is in use.
- Check https://github.com/LimeSurvey/LimeSurvey/blob/master/vendor/jquery-ui/jquery-ui.min.js and note that jquery-ui 1.13.1 is in use.
- Go to https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-2946728 and note 1.13.1 is vulnerable to CVE-2022-31160.