1 jquery vulnerability found in `…/3rdParty/jquery-1.8.0.min.js`
Remediation
Upgrade jquery to version 1.9.0 or later.
Details
CVE-2017-16011
high severity
Vulnerable versions: >= 1.7.1, <= 1.8.3
Patched version: 1.9.0
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client-side code execution.
The details above are as reported by Dependabot.