topcoder-platform / TCO21-Regionals-QA-Competition


secure.newegg.com pages use jQuery 3.4.1, which has a few XSS vulnerabilities reported #252

Open rprakash20 opened 2 years ago

rprakash20 commented 2 years ago

Steps to Reproduce

  1. Open https://newegg.com in a browser
  2. Log in with your account
  3. Enable the browser inspector, go to the Network tab, and put a filter for "jQuery" on the network requests
  4. Click on Welcome Username -> Account settings
  5. Check the network request for jQuery showing up in the inspector
  6. Check the version of jQuery used in the web app

Target URL

https://secure.newegg.com/orders/list

Screenshots or Screen Capture

https://user-images.githubusercontent.com/5712602/128340005-5ce777f4-2f6c-429c-bd6b-c60372356aa7.mov


Current Results

secure.newegg.com pages use jQuery 3.4.1, which has a few XSS vulnerabilities reported. Attackers can exploit the already known vulnerabilities with a JS library to compromise the web app.

The reported vulnerabilities on this version of jQuery can be seen at https://snyk.io/test/npm/jquery/3.4.1

Expected Results

jQuery should be updated to the latest version which has no reported vulnerabilities.

Browser version and OS version

codejamtc commented 2 years ago

Submitter: 10 Points
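
The manual version check in the reproduction steps above can be scripted over a list of captured requests; this is an added example, not part of the original issue or the site's code. The function names, the `static.example.test` URLs, the sample bodies and the `MIN_ALLOWED` value are assumptions made for illustration.

```javascript
// Added example (not from the issue). URLs, bodies and MIN_ALLOWED are constructed.
const URL_PATTERNS = [
  /jquery[-.]v?(\d+\.\d+\.\d+)(?:\.slim|\.min)*\.js/i, // jquery-3.4.1.min.js
  /\/jquery\/v?(\d+\.\d+\.\d+)\//i,                    // /jquery/3.4.1/jquery.min.js
];
// jQuery's distributed files open with a banner comment naming the version.
const BANNER = /\/\*![\s*]*jQuery\s+(?:JavaScript Library\s+)?v(\d+\.\d+\.\d+)/i;

// Prefer the banner: bundlers and renamed files hide the version from the URL.
function detectVersion(url, body = "") {
  const banner = BANNER.exec(body);
  if (banner) return { version: banner[1], source: "banner" };
  for (const re of URL_PATTERNS) {
    const m = re.exec(url);
    if (m) return { version: m[1], source: "url" };
  }
  return null;
}

// Numeric compare per component, so 3.10.0 sorts above 3.4.1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns one finding per request that serves jQuery core; plugins are skipped.
function auditRequests(requests, minAllowed) {
  const findings = [];
  for (const { url, body } of requests) {
    const hit = detectVersion(url, body);
    if (hit) findings.push({ url, ...hit, outdated: compareVersions(hit.version, minAllowed) < 0 });
  }
  return findings;
}

// Constructed sample of what the Network tab filter would list.
const SAMPLE_REQUESTS = [
  { url: "https://static.example.test/js/jquery-3.4.1.min.js" },
  { url: "https://static.example.test/js/vendor.js",
    body: "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */" },
  { url: "https://static.example.test/js/jquery-ui-1.12.1.min.js" }, // plugin, ignored
  { url: "https://static.example.test/js/app.js" },
];
const MIN_ALLOWED = "99.0.0"; // placeholder: use the fixed version from your advisory source

console.log(auditRequests(SAMPLE_REQUESTS, MIN_ALLOWED));
```

Checking the file banner as well as the URL catches copies of jQuery that were bundled or renamed and would not show up under a filename filter.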