Summary
jQuery 3.4.1 contains known XSS vulnerabilities (CVE-2020-11022 and CVE-2020-11023) that could be exploited.
Location
assets/js/vendor/jquery/jquery-3.4.1.js
Description
The site uses jQuery 3.4.1, which has two known XSS vulnerabilities in the htmlPrefilter function:
- <option> and <style> tags
Impact
Attackers could potentially exploit these vulnerabilities to execute malicious JavaScript if user-controlled data is passed to jQuery DOM manipulation functions without proper sanitization.
Remediation
Upgrade jQuery to version 3.7.1 or later:
- Download the latest jQuery from https://jquery.com/download/
- Replace assets/js/vendor/jquery/jquery-3.4.1.js with the new version
- Update references in templates/layouts
- Test all JavaScript functionality
Priority
P2 (Medium) - Known CVEs should be addressed
References