SaneiSaya / docker-eNMS

An enterprise-grade vendor-agnostic network automation platform.
https://www.enms.io/
GNU General Public License v3.0

jquery version upgrade suggestion #9

Closed mppeirsel closed 1 month ago

mppeirsel commented 3 months ago

Discussed in https://github.com/SaneiSaya/docker-eNMS/discussions/8

Originally posted by **mppeirsel** July 31, 2024

I am using this tool and I have recently identified that there is a cross site scripting vulnerability in the version of jquery that is used by the eNMS project. I am submitting a request for a change to make this project utilize jquery 3.5.0 or later if possible so this vulnerability is resolved.

Severity: Medium
CVE: CVE-2020-11022, CVE-2020-11023

According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

Plugin Output:
URL : https://[hostname]/static/lib/jquery/jquery.min.js
Installed version : 2.2.4
Fixed version : 3.5.0

Upgrade to JQuery version 3.5.0 or later.

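The scanner finding above is a "self-reported version" check: it reads the version banner at the top of jquery.min.js and flags anything in the range [1.2, 3.5.0). The following is an added example (not code from the eNMS project or from either commenter) that reproduces that check offline so a defender can verify a deployed copy before and after the upgrade; the banner strings are constructed sample inputs modelled on jQuery's release banners.

```javascript
// Added example: reproduce the scanner's "self-reported version" check for
// a jQuery file. jQuery ships a banner such as
//   /*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */
// (minified) or " * jQuery JavaScript Library v2.2.4" (unminified).

const FIXED_VERSION = "3.5.0";   // CVE-2020-11022 / CVE-2020-11023 fixed in 3.5.0
const FIRST_AFFECTED = "1.2.0";  // lower bound of the affected range

// "1.2" -> [1, 2, 0]; "3.6.4" -> [3, 6, 4]
function parseVersion(v) {
  const parts = v.split(".").map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

// numeric component-wise compare: -1, 0 or 1
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Extract the version from the banner comment; null if none is present.
function selfReportedVersion(source) {
  const m = source.match(/jQuery\s+(?:JavaScript Library\s+)?v(\d+\.\d+(?:\.\d+)?)/);
  return m ? m[1] : null;
}

// Decide whether the file falls inside the affected range [1.2, 3.5.0).
function assessJquery(source) {
  const version = selfReportedVersion(source);
  if (version === null) {
    return { version: null, affected: false, reason: "no jQuery banner found" };
  }
  const affected =
    compareVersions(version, FIRST_AFFECTED) >= 0 &&
    compareVersions(version, FIXED_VERSION) < 0;
  return { version, affected, fixedVersion: FIXED_VERSION };
}

// Constructed sample inputs: a banner like the 2.2.4 build named in the
// report, and one like the 3.6.4 build suggested as the fix.
const SAMPLE_VULNERABLE =
  "/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */\n!function(a,b){}";
const SAMPLE_FIXED =
  "/*! jQuery v3.6.4 | (c) OpenJS Foundation and other contributors | jquery.org/license */";

console.log(assessJquery(SAMPLE_VULNERABLE)); // affected: true
console.log(assessJquery(SAMPLE_FIXED));      // affected: false
```

Run it against a copy fetched from `/static/lib/jquery/jquery.min.js` on your own instance to confirm the banner reports 3.5.0 or later after the upgrade.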
SaneiSaya commented 1 month ago

If you want to fix it manually you can update to the following: use jQuery 3.6.4, Bootstrap 3.3.7, Bootstrap-Select 1.13.18. I had to update 1 statement in base.js.

Look for this:

$(window).load(function() { NProgress.done(); });

And modify it to this:

$(window).on('load', function() { NProgress.done(); });

I will be releasing the changes in the next week to the clone image.

SaneiSaya commented 1 month ago

The updated code has been added