wkloucek
commented
3 years ago @c0rby I remember you already looking at jquery, what was the outcome of it?
Closed felixtech-msp closed 2 years ago
wkloucek
commented
3 years ago @c0rby I remember you already looking at jquery, what was the outcome of it?
C0rby
commented
2 years ago @felixtech-msp @wkloucek, yes we do have included the jquery version 2.1.4 but we were always manually patching the security issues so there shouldn't be any problems. If you do find something which was not patched, please report it. :)
wkloucek
commented
2 years ago @felixtech-msp if you know about unpatched vulnerabilities please report them according to https://owncloud.com/security/
According to Nessus Scanner the JQuery version in "/core/vendor/jquery/dist/jquery.min.js" is 2.1.4. In this version are multiple XSS bugs. With version 3.5.0 they would be fixed. So an update to a newer JQuery version should be done.