| Description | The identified library jquery, version 2.2.4 is vulnerable. |
| URL | client/espo.min.js?r=1625519810 |
| Method | GET |
| Evidence | ,m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};function s(a){var b="length"in a&&a.length,c=n.type(a);return"function"!==c&&!n .i sWindow(a)&&(!(1!==a.nodeType||!b)||("array"===c|| 0===b||"number"==typeof b&&0<b&&b-1 in a))}n.fn=n.prototype={jquery:m, |
| URL | client/espo.min.js?r=1625516753 |
| Method | GET |
| Evidence | ,m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};function s(a){var b="length"in a&&a.length,c=n.type(a);return"function"!==c&&!n .i sWindow(a)&&(!(1!==a.nodeType||!b)||("array"===c|| 0===b||"number"==typeof b&&0<b&&b-1 in a))}n.fn=n.prototype={jquery:m, |
| Instances | 2 |
| Solution | Please upgrade to the latest version of jquery. |
| Other information | CVE-2020-11023 CVE-2020-11022 CVE-2015-9251 CVE-2019-11358 |
| Reference | https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ http://research.insecurelabs.org/jquery/test/ https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b https://bugs.jquery.com/ticket/11974 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ |
| CWE Id | 829 |
| Source ID | 3 |
Tweet
jQuery 2.1.4 Cross-site Scripting (XSS) vulnerability
Comment