-
Type:
Enhancement
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Component/s: BenAdmin
-
Labels:None
-
Module:BenAdmin - Security
-
Reported by:Support
-
Item State:Production Complete - Closed
-
Issue Importance:Must Have
Impact
JQuery version 1.7.1 is vulnerable to an issue which that misinterprets selectors as HTML. Depending on the implementation, this misrepresentation could aid attackers in discovering or exploiting Cross-Site Scripting (XSS) attacks.
Page Impacted
https://www.workterra.net/BenAdmin/bundles/JQuery?v=GDyIzexPmDiBJ0URdNIHxEAx0xoaoH0x3SEjitOpW441
Verification and Attack Information
Praetorian confirmed this finding by looking up known exploits for jQuery libraries that the application leveraged.
Recommendation
Update jQuery libraries to the most recent version.
- relates to
-
-
- Closed
-
-
ST-243 Reports Issues due to Jquery changes
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
| Field | Original Value | New Value |
|---|---|---|
| Status | New Request [ 10029 ] | Pending for Approval [ 10002 ] |
| Status | Pending for Approval [ 10002 ] | Approved for Development [ 10003 ] |
| Status | Approved for Development [ 10003 ] | In Development [ 10007 ] |
| Assignee | Niteen Surwase [ niteen.surwase ] |
| Developer | Niteen Surwase [ niteen.surwase ] |
| Assignee | Niteen Surwase [ niteen.surwase ] | Deepali Tidke [ deepalit ] |
| Item State | Parent values: Development(10200)Level 1 values: In Progress(10206) | Parent values: LB QA(10201) |
| Assignee | Deepali Tidke [ deepalit ] | Hrishikesh Deshpande [ hrishikesh.deshpande ] |
| Status | In Development [ 10007 ] | Local Testing [ 10200 ] |
| Item State | Parent values: LB QA(10201) | Parent values: Stage QA(10202)Level 1 values: In Testing(10214) |
| Status | Local Testing [ 10200 ] | Pending for Stage Approval [ 10300 ] |
| Status | Pending for Stage Approval [ 10300 ] | Approved for Stage [ 10030 ] |
| Status | Approved for Stage [ 10030 ] | Stage Testing [ 10201 ] |
| Item State | Parent values: Stage QA(10202)Level 1 values: In Testing(10214) | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) |
| Item State | Parent values: Stage QA(10202)Level 1 values: Ready for Production(10217) | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) |
| Item State | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) |
| Item State | Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) | Parent values: Production QA(10203)Level 1 values: In Testing(10218) |
| Status | Stage Testing [ 10201 ] | Pending for Production Approval [ 10301 ] |
| Status | Pending for Production Approval [ 10301 ] | Approved for production [ 10034 ] |
| Status | Approved for production [ 10034 ] | Production Testing [ 10202 ] |
| Item State | Parent values: Production QA(10203)Level 1 values: In Testing(10218) | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) |
| Assignee | Hrishikesh Deshpande [ hrishikesh.deshpande ] | Niteen Surwase [ niteen.surwase ] |
| Assignee | Niteen Surwase [ niteen.surwase ] | Hrishikesh Deshpande [ hrishikesh.deshpande ] |
| Item State | Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) | Parent values: Production Complete(10222)Level 1 values: Closed(10223) |
| Resolution | Fixed [ 1 ] | |
| Status | Production Testing [ 10202 ] | Production Complete [ 10028 ] |
| Status | Production Complete [ 10028 ] | Closed [ 6 ] |