deroproject / derosuite

DERO: Secure, Anonymous Blockchain with Smart Contracts. Subscribe to Dero announcements by sending mail to lists@dero.io with subject: subscribe announcements
http://wiki.dero.io

XSS vulns in web wallet 2.1.6-2.alpha.atlantisNightly+31102018 #26

Open DaftSyk opened 3 years ago

DaftSyk commented 3 years ago

According to retire.js:

```
bootstrap 4.1.3 Found in https://wallet.dero.io/static/deps/bootstrap.min.js
Vulnerability info:
medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
jquery 3.2.1 Found in https://wallet.dero.io/static/deps/jquery-3.2.1.js
Vulnerability info:
medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123
medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS 1
medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS 1
- - Did not recognize https://wallet.dero.io/static/deps/big.js
- - Did not recognize https://wallet.dero.io/static/deps/clipboard.min.js
- - Did not recognize https://wallet.dero.io/static/deps/dexie.js
- - Did not recognize https://wallet.dero.io/static/deps/FileSaver.js
- - Did not recognize https://wallet.dero.io/static/deps/i18next_11.9.1.min.js
- - Did not recognize https://wallet.dero.io/static/deps/jquery-i18next.min.js
- - Did not recognize https://wallet.dero.io/static/deps/js.cookie-2.2.0.min.js
- - Did not recognize https://wallet.dero.io/static/deps/popper.min.js
- - Did not recognize https://wallet.dero.io/static/deps/promise-worker.js
- - Did not recognize https://wallet.dero.io/static/deps/promise-worker.register.js
- - Did not recognize https://wallet.dero.io/static/deps/qrcode.js
- - Did not recognize https://wallet.dero.io/static/deps/tabulator.min.js
- - Did not recognize https://wallet.dero.io/static/deps/video.js
- - Did not recognize https://wallet.dero.io/static/deps/zxing.js
- - Did not recognize https://wallet.dero.io/static/translations.js
- - Did not recognize https://wallet.dero.io/static/wallet_worker.js
- - Did not recognize https://wallet.dero.io/static/wallet.js
- - Did not recognize https://wallet.dero.io/static/wasm_exec.js
```