Closed aparveen closed 3 years ago
This is the new jquery-ui library they are asking to upgrade to: jquery-ui-1.12.1.custom.zip. We would need to replace the jquery-ui.js and jquery-ui.css in our vendor folder with the ones in the zip file.

Items | Is required | Status | Comments |
---|---|---|---|
Required NLS change? | No | NA | |
Required Backward compatibility? | No | NA | |
Required 508? | No | NA | Manager application doesn’t support accessibility |
Need Sanitize? | No | NA | |

Impacted Areas | Comments |
---|---|
Have Configuration changes? | No |
Have Runtime changes? | Yes |
Impact on RTL | Yes |
Components to have an impact after library update | Web map list, Details Panel, Geo Form and Comment Form, Date Picker, Data viewer (Data table) |

Verified in QA

Path:
URL: https://secscan.maps.arcgis.com/apps/CrowdsourceManager/index.html
Name: Out-of-date Version (jQuery UI Autocomplete)
Severity: Medium
Certainty: 90%
File with vulnerability is - jquery-ui.js
Identified Version: 1.11.4
Latest Version: 1.12.1 (in this branch)
Known CVE: CVE-2016-7103
Details: Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
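
A way to confirm the vendored jquery-ui.js is no longer a pre-1.12.0 build after the replacement described in this issue, as an added example that is not part of the original thread or the project's code. It assumes the file still carries a `/*! jQuery UI - vX.Y.Z` banner or an inline version string; the function names and sample inputs are constructed for illustration.

```javascript
// Added example: flag a vendored jquery-ui.js older than 1.12.0, the release
// the CVE-2016-7103 description quoted on this page names as the fix boundary.
const FIXED = [1, 12, 0];

// Assumption: the file keeps its "/*! jQuery UI - vX.Y.Z" banner, or failing
// that a version string assigned in the source (version: "X.Y.Z" or version = "X.Y.Z").
function detectJqueryUiVersion(source) {
  const banner = /\/\*!\s*jQuery UI\s*-\s*v(\d+)\.(\d+)\.(\d+)/.exec(source);
  const inline = /\bversion\s*[:=]\s*["'](\d+)\.(\d+)\.(\d+)["']/.exec(source);
  const m = banner || inline;
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric, component-wise comparison (string comparison would rank 1.9 above 1.12).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { version, status } where status is "outdated", "ok" or "unknown".
// "unknown" means no version could be read, so the file needs a manual look.
function auditJqueryUi(source) {
  const version = detectJqueryUiVersion(source);
  if (version === null) return { version: null, status: "unknown" };
  const outdated = compareVersions(version, FIXED) < 0;
  return { version: version.join("."), status: outdated ? "outdated" : "ok" };
}

// Constructed sample inputs standing in for the contents of vendor/jquery-ui.js.
const SAMPLES = {
  "before upgrade": "/*! jQuery UI - v1.11.4 - 2015-03-11\n* http://jqueryui.com */\n",
  "after upgrade": "/*! jQuery UI - v1.12.1 - 2016-09-14\n* http://jqueryui.com */\n",
  "banner stripped": "(function($){$.ui=$.ui||{};$.ui.version=\"1.11.4\";})(jQuery);",
  "no version": "console.log('hello');",
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const r = auditJqueryUi(src);
  console.log(`${name}: ${r.version ?? "no version found"} -> ${r.status}`);
}
```

To check a real file, pass the result of `fs.readFileSync(path, "utf8")` to `auditJqueryUi` and fail the build on any status other than `"ok"`.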