Todo #10676

closed

JQuery 1.2 < 3.5.0 Multiple XSS From Nessus

Added by Erik Mathis over 1 year ago. Updated about 1 year ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Web Interface
Target version:
Start date: 06/18/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

LocalNetwork / Plugin #136929

Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family: CGI abuses : XSS
Published: May 28, 2020
Modified: June 17, 2020

Risk Information
Risk Factor: Medium
CVSS v3.0 Base Score 6.1
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v3.0 Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v3.0 Temporal Score: 5.3
CVSS Base Score: 4.3
CVSS Temporal Score: 3.2
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
IAVM Severity: II

Vulnerability Information
Exploit Ease: No known exploits are available
Patch Pub Date: April 10, 2020
Vulnerability Pub Date: April 29, 2020

Reference Information
IAVB: 2020-B-0030
CVE: CVE-2020-11022, CVE-2020-11023

Medium
JQuery 1.2 < 3.5.0 Multiple XSS

Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Solution
Upgrade to JQuery version 3.5.0 or later.

See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Output

URL               : https://domain.com/vendor/jquery/jquery-3.4.1.min.js?v=1580510450
Installed version : 3.4.1
Fixed version : 3.5.0

Hosts
443 / tcp / www

#1

Updated by Jim Pingle over 1 year ago

  • Assignee set to Steve Beaver
  • Target version set to 2.5.0

#2

Updated by Steve Beaver over 1 year ago

jQuery updated to 3.5.1
jQuery-ui unchanged

#3

Updated by Steve Beaver over 1 year ago

  • Status changed from New to Feedback
  • Assignee changed from Steve Beaver to Jim Pingle

#4

Updated by Steve Beaver about 1 year ago

  • Status changed from Feedback to Resolved