Todo #10676
closedJQuery 1.2 < 3.5.0 Multiple XSS From Nessus
0%
Description
LocalNetwork / Plugin #136929
Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family: CGI abuses : XSS
Published: May 28, 2020
Modified: June 17, 2020
Risk Information
Risk Factor: Medium
CVSS v3.0 Base Score 6.1
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v3.0 Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v3.0 Temporal Score: 5.3
CVSS Base Score: 4.3
CVSS Temporal Score: 3.2
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
IAVM Severity: II
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Pub Date: April 10, 2020
Vulnerability Pub Date: April 29, 2020
Reference Information
IAVB: 2020-B-0030
CVE: CVE-2020-11022, CVE-2020-11023
Medium
JQuery 1.2 < 3.5.0 Multiple XSS
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Output
URL : https://domain.com/vendor/jquery/jquery-3.4.1.min.js?v=1580510450
Installed version : 3.4.1
Fixed version : 3.5.0
Hosts
443 / tcp / www
Updated by Jim Pingle over 4 years ago
- Assignee set to Anonymous
- Target version set to 2.5.0
Updated by Anonymous over 4 years ago
jQuery updated to 3.5.1
jQuery-ui unchanged
Updated by Anonymous over 4 years ago
- Status changed from New to Feedback
- Assignee changed from Anonymous to Jim Pingle
Updated by Anonymous almost 4 years ago
- Status changed from Feedback to Resolved