owncloud-docker / server

Docker image for ownCloud community edition
MIT License

[Security] JQuery 1.2 < 3.5.0 Multiple XSS #274

Closed felixtech-msp closed 2 years ago

felixtech-msp commented 2 years ago

According to the Nessus scanner, the jQuery version in "/core/vendor/jquery/dist/jquery.min.js" is 2.1.4. This version contains multiple XSS bugs. With version 3.5.0 they would be fixed. So an update to a newer jQuery version should be done.

wkloucek commented 2 years ago

@c0rby I remember you already looking at jQuery. What was the outcome of it?

C0rby commented 2 years ago

@felixtech-msp @wkloucek, yes, we have included jQuery version 2.1.4, but we were always manually patching the security issues, so there shouldn't be any problems. If you do find something which was not patched, please report it. :)

wkloucek commented 2 years ago

@felixtech-msp if you know about unpatched vulnerabilities, please report them according to https://owncloud.com/security/