Todo #10676

JQuery 1.2 < 3.5.0 Multiple XSS From Nessus

Added by Erik Mathis 4 months ago. Updated 19 days ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Web Interface
Target version:
Start date: 06/18/2020
Due date:
% Done: 0%
Estimated time:

Description

LocalNetwork / Plugin #136929

Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family: CGI abuses : XSS
Published: May 28, 2020
Modified: June 17, 2020
Risk Information
Risk Factor: Medium
CVSS v3.0 Base Score 6.1
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v3.0 Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v3.0 Temporal Score: 5.3
CVSS Base Score: 4.3
CVSS Temporal Score: 3.2
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
IAVM Severity: II
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Pub Date: April 10, 2020
Vulnerability Pub Date: April 29, 2020
Reference Information
IAVB: 2020-B-0030
CVE: CVE-2020-11022, CVE-2020-11023
Medium
JQuery 1.2 < 3.5.0 Multiple XSS
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Output

URL               : https://domain.com/vendor/jquery/jquery-3.4.1.min.js?v=1580510450
Installed version : 3.4.1
Fixed version : 3.5.0
Hosts
443 / tcp / www

History

#1 Updated by Jim Pingle 4 months ago

  • Assignee set to Steve Beaver
  • Target version set to 2.5.0

#2 Updated by Steve Beaver 4 months ago

jQuery updated to 3.5.1
jQuery-ui unchanged

#3 Updated by Steve Beaver 4 months ago

  • Status changed from New to Feedback
  • Assignee changed from Steve Beaver to Jim Pingle

#4 Updated by Steve Beaver 19 days ago

  • Status changed from Feedback to Resolved
