jQuery_Migrate – Cross-site Scripting

Description

Kayran has detected that the version of the jquery-migrate package you use is vulnerable to Cross-site Scripting (XSS) attacks. The jquery-migrate package uses code from an older jQuery library that contains a vulnerable function called location.hash().
This function is used to select elements on your page.

Cross-site scripting vulnerabilities usually allow an attacker to impersonate a victim user.
The malicious link executes the attacker’s chosen code on the user’s system, which could, for example, allow the attacker to steal the user’s active session cookie.
This vulnerability allows attackers to inject malicious scripts into the affected pages.

Recommendation

Upgrade the version of jquery-migrate you use.
Make sure you upgrade to version 1.2.1 or higher.
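
To find pages that still load a release older than 1.2.1, the following added example (not Kayran's code) checks script URLs or file banners against that minimum. The filename and banner patterns it matches are assumptions about how the file is referenced, and the sample inputs are constructed.

```javascript
// Minimum fixed release, taken from the Recommendation above.
const FIXED = [1, 2, 1];

// Assumed reference styles: "jquery-migrate-1.2.0.min.js",
// "jquery-migrate.min.js?ver=3.3.2", "jQuery Migrate v1.1.1" (banner).
const NAME_RE = /jquery[-._ ]?migrate/i;
const VERSION_RE = /jquery[-._ ]?migrate(?:\.min)?[^0-9\n]{0,12}(\d+)\.(\d+)\.(\d+)/i;

// Numeric comparison per component, so 1.10.0 sorts above 1.2.1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns null when the reference is not jquery-migrate at all,
// otherwise a finding with status "vulnerable", "ok" or "unknown".
function checkMigrate(ref) {
  if (!NAME_RE.test(ref)) return null;
  const m = VERSION_RE.exec(ref);
  if (!m) return { ref, version: null, status: "unknown" };
  const v = m.slice(1, 4).map(Number);
  const status = compareVersions(v, FIXED) < 0 ? "vulnerable" : "ok";
  return { ref, version: v.join("."), status };
}

// Audits a list of script URLs or banner lines; unrelated scripts are dropped.
function auditScripts(refs) {
  return refs.map(checkMigrate).filter(Boolean);
}

// Constructed sample input: script references collected from a site crawl.
const SAMPLE_REFS = [
  "https://example.test/js/jquery-3.6.0.min.js",
  "https://example.test/js/jquery-migrate-1.2.0.min.js",
  "/*! jQuery Migrate v1.1.1 | (c) jQuery Foundation */",
  "https://example.test/js/jquery-migrate-1.2.1.js",
  "https://example.test/js/jquery-migrate.min.js?ver=3.3.2",
  "https://example.test/static/jquery-migrate.js",
];

for (const f of auditScripts(SAMPLE_REFS)) {
  console.log(`${f.status.padEnd(10)} ${f.version ?? "?"}  ${f.ref}`);
}
```

An "unknown" result means the file is referenced without a version in its name, so the version has to be read from the file's banner instead.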

References

https://owasp.org/www-community/attacks/xss/
