Closed felixtech-msp closed 2 years ago
@c0rby I remember you already looking at jquery, what was the outcome of it?
@felixtech-msp @wkloucek, yes we do have included the jquery version 2.1.4 but we were always manually patching the security issues so there shouldn't be any problems. If you do find something which was not patched, please report it. :)
@felixtech-msp if you know about unpatched vulnerabilities please report them according to https://owncloud.com/security/
According to Nessus Scanner the JQuery version in "/core/vendor/jquery/dist/jquery.min.js" is 2.1.4. In this version are multiple XSS bugs. With version 3.5.0 they would be fixed. So an update to a newer JQuery version should be done.