Project SimpleProject Type: software

Project Simple

Uploaded image for project: 'Project Simple'
  1. Project Simple
  2. ST-202

INSECURE VERSION OF JQUERY

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      Impact
      JQuery version 1.7.1 is vulnerable to an issue which that misinterprets selectors as HTML. Depending on the implementation, this misrepresentation could aid attackers in discovering or exploiting Cross-Site Scripting (XSS) attacks.

      Page Impacted
      https://www.workterra.net/BenAdmin/bundles/JQuery?v=GDyIzexPmDiBJ0URdNIHxEAx0xoaoH0x3SEjitOpW441

      Verification and Attack Information
      Praetorian confirmed this finding by looking up known exploits for jQuery libraries that the application leveraged.

      Recommendation
      Update jQuery libraries to the most recent version.

        Attachments

          Issue Links

          relates to

          Enhancement - An improvement or enhancement to an existing feature or task. ST-236 JQuery Migration : Un-linking old scripts and issues reproduce

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. ST-243 Reports Issues due to Jquery changes

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3230 Export > Unable to map fields on sub template due to issue on Field mapping page

          • Critical - This problem will block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3231 Export > Sub Template > Edit Sub Template Field popup unable to Save/ Save and Close

          • Critical - This problem will block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3342 Export > "Save & Add New" not working on subtemplate while adding new field

          • High - Serious problem that could block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3381 UI gets disturbed while repositioning the fields on Export AND import Subtemplate

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3433 ACA - JQuery issue on EIN Classes Mapping page

          • High - Serious problem that could block progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3486 Unable to add /Update class on any company

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3506 Export > Data transformation UI issue

          • Medium - Has the potential to affect progress.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. WT-3606 In Standard Reports, Report Branding Setting panel is scaled incorrectly.

          • High - Serious problem that could block progress.
          • Closed

            Activity

              People

              Assignee:
              hrishikesh.deshpande Hrishikesh Deshpande (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Niteen Surwase (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: