View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0032727 | mantisbt | security | public | 2023-06-20 05:22 | 2023-07-03 14:48 |
Reporter | michael.h | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Product Version | 2.25.7 | ||||
Summary | 0032727: jQuery XSS Vulnerability | ||||
Description | Hello, The output of the scan shows: URL : https://mantis.test.de/js/typeahead.jquery-1.3.0.min.js URL : https://mantis.test.de/js/jquery-2.2.4.min.js Is jQuery used in mantis or can it be uninstalled? Thanks! | ||||
Tags | No tags attached. | ||||
duplicate of | 0026357 | acknowledged | Vulnerability from library JQuery 2.2.4 |
You did not provide any details on the vulnerabilities detected (CVE number, etc), so I can't be sure if it's actually the same, but we are aware of security issues with the outdated version of jQuery we're bundling. Unfortunately, upgrading to jQuery 3.x is not a small undertaking and we don't have the resources for that at the moment. However, the risk is mitigated by use of CSP. I would definitely recommend not to deactivate jQuery. I'm closing this as duplicate of 0026357. Next time please search before opening a new issue. |
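
The reply above relies on CSP to limit the impact of the bundled jQuery. As an added example (not MantisBT code, and not part of the original issue), this Node.js check lists the ways a `Content-Security-Policy` header value would still let injected script run; the function names and sample headers are constructed for illustration, and `'strict-dynamic'` is not modelled.

```javascript
// Parse one CSP header value into a Map of directive name -> source list.
// Per the CSP spec, a repeated directive is ignored; the first one wins.
function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Return the reasons why a policy would NOT stop injected script from running.
// An empty array means none of the checked gaps were found.
function scriptGaps(value) {
  const policy = parseCsp(value);
  // script-src falls back to default-src when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return ['no script-src or default-src'];
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const gaps = [];
  // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) gaps.push("'unsafe-inline'");
  if (lower.includes("'unsafe-eval'")) gaps.push("'unsafe-eval'");
  for (const s of lower) {
    if (s === '*' || /^(https?|data|blob):$/.test(s)) gaps.push(`broad source ${s}`);
  }
  return gaps;
}

// Constructed sample headers (not taken from a MantisBT installation).
const SAMPLES = {
  strict: "default-src 'self'; frame-ancestors 'none'; script-src 'self'",
  inline: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
  nonce: "script-src 'nonce-r4nd0m' 'unsafe-inline'",
  broad: "default-src https: data:",
  duplicate: "script-src 'self'; script-src *",
  none: "img-src 'self'",
};

for (const [name, header] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(scriptGaps(header)));
}
```

To use it on a real installation, pass the header value returned by your own server to `scriptGaps`; a `Content-Security-Policy-Report-Only` header is not enforced and should not be counted as a mitigation.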