jQuery_Migrate – Cross-site Scripting

Description

Kayran has detected that the version of the jquery-migrate package you use is vulnerable to Cross-site Scripting (XSS) attacks. The jquery-migrate package uses code from an older jQuery library that contains a vulnerable function called location.hash().
This function is used to select elements on your page.

Cross-site scripting vulnerabilities usually allow an attacker to impersonate a victim user.
A malicious link executes the attacker’s chosen code on the user’s system, which could, for example, allow the attacker to steal the user’s active session cookie.
This vulnerability allows attackers to inject malicious scripts into the pages in question.

Recommendation

Upgrade the version of jquery-migrate you use.
Make sure you upgrade to version 1.2.1 or higher.
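
To check a page against this recommendation, the following added example (not Kayran's code) scans HTML for jquery-migrate script references below 1.2.1 and for location.hash being passed to the jQuery selector function. It assumes the version is encoded in the script file name; the function names and the sample page are constructed for illustration.

```javascript
// Minimum fixed version, taken from the recommendation above.
const FIXED = [1, 2, 1];

// Parse "1.2.0" style versions into three numeric parts (missing parts are 0).
function parseVersion(v) {
  const parts = v.split('.').map(n => parseInt(n, 10));
  while (parts.length < 3) parts.push(0);
  return parts;
}

// True when version string v is lower than the fixed release.
function isBelowFixed(v) {
  const p = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return false;
}

// Scan page HTML and return a list of findings (hypothetical helper).
function auditHtml(html) {
  const findings = [];
  // Version in a script file name, e.g. jquery-migrate-1.2.0.min.js
  const srcRe = /jquery-migrate[-.]v?(\d+(?:\.\d+){1,2})(?:\.min)?\.js/gi;
  for (const m of html.matchAll(srcRe)) {
    if (isBelowFixed(m[1])) findings.push({ type: 'outdated-migrate', version: m[1] });
  }
  // location.hash handed straight to $() or jQuery() as a selector
  const sinkRe = /(?:\$|jQuery)\(\s*(?:window\.|document\.)?location\.hash\s*\)/g;
  for (const m of html.matchAll(sinkRe)) {
    findings.push({ type: 'hash-as-selector', snippet: m[0] });
  }
  return findings;
}

// Constructed sample page, not taken from a real site.
const SAMPLE = [
  '<script src="/js/jquery-1.8.3.min.js"></script>',
  '<script src="/js/jquery-migrate-1.2.0.min.js"></script>',
  '<script>$(location.hash).addClass("active");</script>',
].join('\n');

console.log(auditHtml(SAMPLE));
```

A file served without a version in its name is not detected by this check and has to be identified from its contents instead.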

References

https://owasp.org/www-community/attacks/xss/
