mitchas
commented
3 years ago Everything fixed except Phragmites. I tried updating jQuery and it broke a bunch of stuff. Will try again later.
Closed aaronstephenson closed 3 years ago
mitchas
commented
3 years ago Everything fixed except Phragmites. I tried updating jQuery and it broke a bunch of stuff. Will try again later.
HansVraga
commented
3 years ago creating new issue for Phragmites so this one can be closed.
HansVraga
commented
3 years ago
Acunetix scan reports this app is using jQuery 1.7, 1.12.4, 3.1.0, 3.1.1 and 3.3.1, and should be updated. This is a Medium vulnerability and should be a priority.
I suspect this is in the part of the site listing other projects/apps, because each vulnerability has a different URL:
[x] Bad River is linking to a Google APIs file using 1.7: https://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.js
[x] Marker Maker is using 3.3.1: https://wim.usgs.gov/markermaker/app.js
[ ] Phragmites is using 3.3.1: https://wim.usgs.gov/phragmites/scripts/vendor.js
[x] Geonarrative Generator is using 3.3.1: https://code.jquery.com/jquery-3.3.1.slim.min.js
[x] MRData is linking to a Google APIs file using 1.12.4: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
[x] MRData is also using 3.1.0: https://wim.usgs.gov/mrdata/assets/jquery/jquery.min.js
[x] Status (?) is using 3.1.1: https://wim.usgs.gov/status/node_modules/jquery/dist/jquery.min.js