Feature #339 » JQuery 1.2.txt

Tăng Bá Thiện, 05/02/2024 09:12 AM

136929 - JQuery 1.2 < 3.5.0 Multiple XSS
Synopsis
The remote web server is affected by multiple cross-site scripting vulnerabilities.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Solution
Upgrade to JQuery version 3.5.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
5.7
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
Plugin Information
Published: 2020/05/28, Modified: 2024/03/08
Plugin Output
tcp/80/www

URL : http://172.18.28.1/js/jquery-1.11.1.min.js
Installed version : 1.11.1
Fixed version : 3.5.0