Project SimpleProject Type: software

Project Simple

Uploaded image for project: 'Project Simple'
  1. Project Simple
  2. ST-202

INSECURE VERSION OF JQUERY

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      Impact
      JQuery version 1.7.1 is vulnerable to an issue which that misinterprets selectors as HTML. Depending on the implementation, this misrepresentation could aid attackers in discovering or exploiting Cross-Site Scripting (XSS) attacks.

      Page Impacted
      https://www.workterra.net/BenAdmin/bundles/JQuery?v=GDyIzexPmDiBJ0URdNIHxEAx0xoaoH0x3SEjitOpW441

      Verification and Attack Information
      Praetorian confirmed this finding by looking up known exploits for jQuery libraries that the application leveraged.

      Recommendation
      Update jQuery libraries to the most recent version.

        Attachments

          Issue Links

          relates to

          Enhancement - An improvement or enhancement to an existing feature or task. ST-236 JQuery Migration : Un-linking old scripts and issues reproduce

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. ST-243 Reports Issues due to Jquery changes

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3230 Export > Unable to map fields on sub template due to issue on Field mapping page

          • Critical - This problem will block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3231 Export > Sub Template > Edit Sub Template Field popup unable to Save/ Save and Close

          • Critical - This problem will block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3342 Export > "Save & Add New" not working on subtemplate while adding new field

          • High - Serious problem that could block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3381 UI gets disturbed while repositioning the fields on Export AND import Subtemplate

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3433 ACA - JQuery issue on EIN Classes Mapping page

          • High - Serious problem that could block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3486 Unable to add /Update class on any company

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3506 Export > Data transformation UI issue

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3606 In Standard Reports, Report Branding Setting panel is scaled incorrectly.

          • High - Serious problem that could block progress.
          • Closed

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            deepalit Deepali Tidke (Inactive) added a comment -

            Please look into this jira , this is parent jira for 4 attached sub jira's wherein 3 is with Aniruddha and 1 is with Priya.

            Once child jiras are closed this jira can also be closed.

            Show
            deepalit Deepali Tidke (Inactive) added a comment - Please look into this jira , this is parent jira for 4 attached sub jira's wherein 3 is with Aniruddha and 1 is with Priya. Once child jiras are closed this jira can also be closed.
            Hide
            Permalink
            niteen.surwase Niteen Surwase (Inactive) added a comment -

            Hi Hrishikesh Deshpande

            CC: Vijayendra Shinde, Samir

            Minified version of Jquery migration file is going on production.
            Please make sure that JQuery is working all over project.

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - Hi Hrishikesh Deshpande CC: Vijayendra Shinde , Samir Minified version of Jquery migration file is going on production. Please make sure that JQuery is working all over project.
            Hide
            Permalink
            hrishikesh.deshpande Hrishikesh Deshpande (Inactive) added a comment -

            Niteen Surwase

            At some pages we are getting below warning message. Please Check and revert JIRA to me in case this is not any issues.

            JQuery?v=ViMkAeLAhvSUBhZYWgSG5B7cvNrLv_RJneRiMf9ggoc1:1 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience.

            Thanks,
            Hrishikesh.

            CC : Vijayendra Shinde

            Show
            hrishikesh.deshpande Hrishikesh Deshpande (Inactive) added a comment - Niteen Surwase At some pages we are getting below warning message. Please Check and revert JIRA to me in case this is not any issues. JQuery?v=ViMkAeLAhvSUBhZYWgSG5B7cvNrLv_RJneRiMf9ggoc1:1 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. Thanks, Hrishikesh. CC : Vijayendra Shinde
            Hide
            Permalink
            niteen.surwase Niteen Surwase (Inactive) added a comment -

            Hi Hrishikesh Deshpande

            Please ignore this warning and refer following excelsheet from SVN to Ignore warning list for future
            \WT\JQuery Migration\Errors-Warnings to Ignore.xls

            CC: Vijayendra Shinde, Samir

            Show
            niteen.surwase Niteen Surwase (Inactive) added a comment - Hi Hrishikesh Deshpande Please ignore this warning and refer following excelsheet from SVN to Ignore warning list for future \WT\JQuery Migration\Errors-Warnings to Ignore.xls CC: Vijayendra Shinde , Samir
            Hide
            Permalink
            hrishikesh.deshpande Hrishikesh Deshpande (Inactive) added a comment -

            Verified that JQuery is working on WT production site properly. No any issue observed and additional issues are closed.

            Show
            hrishikesh.deshpande Hrishikesh Deshpande (Inactive) added a comment - Verified that JQuery is working on WT production site properly. No any issue observed and additional issues are closed.

              People

              Assignee:
              hrishikesh.deshpande Hrishikesh Deshpande (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Niteen Surwase (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: