jQuery Migrate – Cross-site Scripting

Description

Kayran has detected that the version of the jquery-migrate package you use is vulnerable to Cross-site Scripting (XSS) attacks. The jquery-migrate package used code from an older jQuery library that contains a vulnerable function called location.hash().
This function is being used to select elements on your page.

Cross-site scripting vulnerabilities usually allow an attacker to impersonate a victim user.
A malicious link executes the attacker's chosen code on the user's system, which could allow the attacker to steal the user's active session cookie, for example.
This vulnerability allows attackers to inject malicious scripts into the pages in question.

Recommendation

Upgrade the version of jquery-migrate you use.
Make sure you upgrade to version 1.2.1 or higher.
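
One way to check a page's script references against that 1.2.1 threshold, as an added example (not Kayran's or the jQuery project's code). The file-naming patterns it recognises and the sample URLs are assumptions.

```javascript
// Added example: flag jquery-migrate script references older than 1.2.1.
const FIXED = [1, 2, 1]; // minimum version from the recommendation above

// Compare two [major, minor, patch] arrays: negative if a < b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Pull a version out of a script URL. Handles "jquery-migrate-1.2.0.min.js"
// and CDN-style ".../jquery-migrate/1.2.0/jquery-migrate.min.js" paths
// (assumed naming patterns; other layouts come back as null).
function versionFromSrc(src) {
  const m = src.match(/jquery-migrate[-\/]v?(\d+)\.(\d+)(?:\.(\d+))?/i);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// Return one finding per jquery-migrate <script src> found in the HTML.
function auditHtml(html) {
  const findings = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']*jquery-migrate[^"']*)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const v = versionFromSrc(m[1]);
    let status = "unknown"; // no version in the URL: check the file itself
    if (v) status = compareVersions(v, FIXED) < 0 ? "vulnerable" : "ok";
    findings.push({ src: m[1], version: v ? v.join(".") : null, status });
  }
  return findings;
}

// Constructed sample page (hosts and paths are made up).
const samplePage = `
<script src="/static/js/jquery-migrate-1.2.0.min.js"></script>
<script src="https://cdn.example/jquery-migrate/1.4.1/jquery-migrate.min.js"></script>
<script src='/js/jquery-migrate.min.js?ver=5'></script>`;

for (const f of auditHtml(samplePage)) {
  console.log(`${f.status.padEnd(10)} ${f.version || "-"}  ${f.src}`);
}
```

A reference reported as "unknown" carries no version in its URL, so the served file has to be inspected directly.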

References

https://owasp.org/www-community/attacks/xss/

https://cwe.mitre.org/data/definitions/79.html
