DevComputaria / AppSecretsDemoProject

Demo of App Settings and Connection String secrets for .NET apps

jQuery 3.4.1: [CVE-2019-11358] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") #1

Open marcialwushu opened 2 years ago

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool
Error jQuery 3.4.1: [CVE-2019-11358] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
Reference: https://ossindex.sonatype.org/resource/vulnerability/11b6563a-ead6-4040-83e5-455f36519d1b
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: [CVE-2015-9251] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") Reference: https://ossindex.sonatype.org/resource/vulnerability/3b3ba2f8-9c2c-4afe-b593-75c6b3fd4bb7 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: [CVE-2019-11358] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") Reference: https://ossindex.sonatype.org/resource/vulnerability/11b6563a-ead6-4040-83e5-455f36519d1b jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: [CVE-2020-11023] In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML... Reference: https://ossindex.sonatype.org/resource/vulnerability/4dc10b07-91de-4bd1-8f56-00d718a467a3 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Reference: https://ossindex.sonatype.org/resource/vulnerability/52f593c8-7729-435c-b9df-a7bb9ded8589 The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Reference: https://ossindex.sonatype.org/resource/vulnerability/ccbcd22c-ecdd-42c3-b76a-73eacbc40d98 The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: [CVE-2020-11022] In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML f... Reference: https://ossindex.sonatype.org/resource/vulnerability/7ea698d9-d38b-4f6f-9a39-79b72d4fe248 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

Severity Code Description Project Path File Line Source Suppression State Tool Error jQuery 3.4.1: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Reference: https://ossindex.sonatype.org/resource/vulnerability/bb07990f-5984-4107-a7ee-27d0c09a1698 The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication C:\Users\marci\source\repos\AppSecretsDemoProject\WebApplication\packages.config 6 IntelliSense

marcialwushu commented 2 years ago

https://www.security-database.com/cwe.php?name=CWE-79