SoftTree Technologies SoftTree Technologies
Technical Support Forums
RegisterSearchFAQMemberlistUsergroupsLog in
JQuery 1.2 < 3.5.0 Multiple XSS (136929)

 
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite View previous topic
View next topic
JQuery 1.2 < 3.5.0 Multiple XSS (136929)
Author Message
Eric.Charbonneau



Joined: 03 Nov 2016
Posts: 12
Country: United States

Post JQuery 1.2 < 3.5.0 Multiple XSS (136929) Reply with quote
Hello,

We are getting flagged for a vulnerability in our 24x7 installation. Is there any way to update jquery?


Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.

Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

Solution
Upgrade to JQuery version 3.5.0 or later.


Plugin Output
URL : https://x.x.x.x:8088/jdep/js/jquery-1.7.2.min.js
Installed version : 1.7.2
Fixed version : 3.5.0
Tue Sep 15, 2020 11:42 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7125

Post Reply with quote
Hi,

The library cannot be replaced in place, more recent versions are not backward compatible. Please contact support for instructions for downloading an updated version of the web console.
Wed Sep 16, 2020 2:04 am View user's profile Send private message
Eric.Charbonneau



Joined: 03 Nov 2016
Posts: 12
Country: United States

Post Reply with quote
SysOp wrote:
Hi,

The library cannot be replaced in place, more recent versions are not backward compatible. Please contact support for instructions for downloading an updated version of the web console.


What support should i contact?

Our web console is: 24x7 Web Console Version 5.3.456
Wed Sep 16, 2020 7:14 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7125

Post Reply with quote
Please email to support(@)softtreetech.com, please remove brakets from the address
Wed Sep 16, 2020 8:36 am View user's profile Send private message
Display posts from previous:    
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite All times are GMT - 4 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

 

Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.