Open rprakash20 opened 2 years ago
Submitter: 10 Points
Steps to Reproduce
Target URL
https://secure.newegg.com/orders/list
Screenshots or Screen Capture
https://user-images.githubusercontent.com/5712602/128340005-5ce777f4-2f6c-429c-bd6b-c60372356aa7.mov
Current Results
secure.newegg.com pages use jQuery 3.4.1, which has a few XSS vulnerabilities reported. Attackers can exploit the already known vulnerabilities with a JS library to compromise the web app.
The reported vulnerabilities on this version of jQuery can be seen at https://snyk.io/test/npm/jquery/3.4.1
Expected Results
jQuery should be updated to the latest version which has no reported vulnerabilities.
Browser version and OS version
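
Added example, not part of the original report: a small Node.js check that pulls jQuery version strings out of page markup (script URLs and bundle banner comments) and lists those below a minimum. `MIN_VERSION`, the function names and the sample markup are assumptions made for this example; 3.5.0 is used because jQuery's release notes describe XSS fixes in that release.

```javascript
// Assumed threshold (not from the report): lowest jQuery version you accept.
const MIN_VERSION = "3.5.0";

// Version in a script URL (jquery-3.4.1.min.js, jquery/3.4.1/, jquery@3.4.1)
// or in the banner of a bundled copy ("jQuery v3.4.1").
// jquery-ui-*, jquery-migrate-* and jquery.<plugin> names do not match.
const PATTERNS = [
  /jquery[-@.\/](\d+\.\d+\.\d+)/gi,
  /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/g,
];

// Numeric comparison of x.y.z strings: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns the distinct jQuery versions in `text` that are older than minVersion.
function findOutdatedJquery(text, minVersion = MIN_VERSION) {
  const seen = new Set();
  for (const re of PATTERNS) {
    for (const m of text.matchAll(re)) seen.add(m[1]);
  }
  return [...seen]
    .filter((v) => compareVersions(v, minVersion) < 0)
    .sort(compareVersions);
}

// Constructed sample markup (hypothetical URLs), for illustration only.
const SAMPLE_HTML = `
<script src="https://cdn.example/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="/static/jquery-ui-1.12.1.min.js"></script>
<script src="/static/vendor/jquery-3.6.0.min.js"></script>
<script>/*! jQuery v1.12.4 | (c) jQuery Foundation */</script>
`;

console.log(findOutdatedJquery(SAMPLE_HTML));
```

A hit shows which version a page ships; whether a reported issue is reachable still depends on how the page passes HTML to jQuery, so check each hit against the advisory list linked in the report.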