pfSense

LocalNetwork / Plugin #136929

Plugin Details
Severity: Medium
ID: 136929
Version: 1.5
Type: remote
Family: CGI abuses : XSS
Published: May 28, 2020
Modified: June 17, 2020
Risk Information
Risk Factor: Medium
CVSS v3.0 Base Score 6.1
CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v3.0 Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v3.0 Temporal Score: 5.3
CVSS Base Score: 4.3
CVSS Temporal Score: 3.2
CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
IAVM Severity: II
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Pub Date: April 10, 2020
Vulnerability Pub Date: April 29, 2020
Reference Information
IAVB: 2020-B-0030
CVE: CVE-2020-11022, CVE-2020-11023
Medium
JQuery 1.2 < 3.5.0 Multiple XSS
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Output

URL               : https://domain.com/vendor/jquery/jquery-3.4.1.min.js?v=1580510450
      Installed version : 3.4.1
      Fixed version     : 3.5.0

Hosts
    443 / tcp / www