jQuery Migrate – Cross-site Scripting

Description

Kayran has detected that the version of the jquery-migrate package you use is vulnerable to Cross-site Scripting (XSS) attacks. The jquery-migrate package uses code from an older jQuery library that contains vulnerable handling of location.hash, the fragment part of the page URL.
This value is being used to select elements on your page.

Cross-site scripting vulnerabilities usually allow an attacker to impersonate a victim user.
A malicious link executes the attacker’s chosen code on the user’s system, which could allow the attacker to steal the user’s active session cookie, for example.
This vulnerability allows attackers to inject malicious scripts into the pages in question.

Recommendation

Upgrade the version of jquery-migrate you use.
Make sure you upgrade to version 1.2.1 or higher.
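
One way to check a page against this recommendation is to audit its script tags for jquery-migrate versions below 1.2.1. This is an added example, not Kayran's or jQuery's own code; the function names, the sample HTML and the assumption that the version appears in the file name or in a `?ver=` query parameter are illustrative.

```javascript
// Added example: flag <script> tags that load jquery-migrate older than 1.2.1.
const FIXED = [1, 2, 1]; // minimum version named in the recommendation above

// Collect the src attribute of every <script> tag in an HTML string.
function scriptSources(html) {
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Return [major, minor, patch] for a jquery-migrate URL, null when the file is
// jquery-migrate but no version is visible, undefined for unrelated scripts.
function migrateVersion(src) {
  if (!/jquery[-.]migrate/i.test(src)) return undefined;
  const m = /jquery[-.]migrate[-.]?(\d+)\.(\d+)\.(\d+)/i.exec(src) ||
            /[?&]ver=(\d+)\.(\d+)\.(\d+)/i.exec(src);
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version v sorts strictly below the fixed version.
function isBelowFixed(v) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false;
}

// Produce one finding per jquery-migrate script found on the page.
function auditPage(html) {
  const findings = [];
  for (const src of scriptSources(html)) {
    const v = migrateVersion(src);
    if (v === undefined) continue;
    const status = v === null ? "unknown" : isBelowFixed(v) ? "vulnerable" : "ok";
    findings.push({ src, version: v ? v.join(".") : null, status });
  }
  return findings;
}

// Constructed sample page (not taken from a real site).
const SAMPLE_HTML = `
<script src="/js/jquery-1.9.1.min.js"></script>
<script src="/js/jquery-migrate-1.2.0.min.js"></script>
<script src='/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
<script src="/vendor/jquery-migrate.js"></script>`;

console.log(auditPage(SAMPLE_HTML));
```

A finding with status "unknown" means the file has to be opened and its version banner read by hand, since a renamed or bundled copy hides the version from this check.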

References

https://owasp.org/www-community/attacks/xss/

https://cwe.mitre.org/data/definitions/79.html
