Path: /EPiServer/Geta.Optimizely.Sitemaps/container
Issue detail
We observed 2 vulnerable JavaScript libraries.
We detected jquery version 3.2.1.slim.min, which has the following vulnerabilities:
CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
CVE-2020-11022: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
CVE-2020-11023: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
We also detected bootstrap version 4.0.0, which has the following vulnerabilities:
CVE-2019-8331: XSS in data-template, data-content and data-title properties of tooltip/popover
CVE-2018-14041: XSS in data-target property of scrollspy
CVE-2018-14040: XSS in collapse data-parent attribute
CVE-2018-14042: XSS in data-container property of tooltip
CVE-2016-10735: XSS is possible in the data-target attribute.