Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed
    • Issue Importance:
      Must Have

      Description

      Impact
      jQuery version 1.7.1 is vulnerable to an issue in which it misinterprets selectors as HTML. Depending on the implementation, this misinterpretation could aid attackers in discovering or exploiting Cross-Site Scripting (XSS) vulnerabilities.

      Page Impacted
      https://www.workterra.net/BenAdmin/bundles/JQuery?v=GDyIzexPmDiBJ0URdNIHxEAx0xoaoH0x3SEjitOpW441

      Verification and Attack Information
      Praetorian confirmed this finding by looking up known exploits for jQuery libraries that the application leveraged.

      Recommendation
      Update jQuery libraries to the most recent version.
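
The misinterpretation described under Impact, as an added example that is not part of the original ticket or the application's code: a simplified model of a `$()`-style call that treats a string containing a tag as HTML, beside one that requires the string to start with `<`. The two patterns are approximations written for this example rather than copied from jQuery, `isPlainToken` is a hypothetical guard, and all sample strings are constructed.

```javascript
// Added example: a simplified model, not jQuery source code.
// Both patterns are approximations written for this illustration.

// Legacy-style check: a tag anywhere after leading non-"#" text makes the
// whole string HTML, so "selector prefix + untrusted value" can build markup.
const LEGACY_HTML = /^[^#<]*(<[\w\W]+>)[^>]*$/;

// Strict-style check: only a string that starts with "<" is HTML.
const STRICT_HTML = /^\s*(<[\w\W]+>)[^>]*$/;

// Returns "html" or "selector" for the given mode ("legacy" or "strict").
function classify(input, mode) {
  const re = mode === "legacy" ? LEGACY_HTML : STRICT_HTML;
  return re.test(input) ? "html" : "selector";
}

// Hypothetical guard: allow only a plain identifier-like token before it is
// concatenated into a selector string.
function isPlainToken(value) {
  return typeof value === "string" && /^[A-Za-z][\w-]*$/.test(value);
}

// Constructed inputs: a selector prefix joined with an untrusted value.
const samples = ["li.item-42", "li.item-<b>x</b>", "<p>intended markup</p>"];
for (const s of samples) {
  console.log(JSON.stringify(s), "legacy:", classify(s, "legacy"),
              "strict:", classify(s, "strict"));
}
```

Only the second sample is classified differently by the two modes, which is the case an upgrade changes; the guard covers call sites that concatenate untrusted values regardless of library version.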

            Activity

            Transition | Time In Source Status | Execution Times
            Vijayendra Shinde (Inactive) made transition: New Request -> Pending for Approval | 9s | 1
            Vijayendra Shinde (Inactive) made transition: Pending for Approval -> Approved for Development | 2s | 1
            Vijayendra Shinde (Inactive) made transition: Approved for Development -> In Development | 2s | 1
            Hrishikesh Deshpande (Inactive) made transition: In Development -> In LB Testing | 50d 47m | 1
            Hrishikesh Deshpande (Inactive) made transition: In LB Testing -> Pending for Stage Approval | 12d 23h 49m | 1
            Hrishikesh Deshpande (Inactive) made transition: Pending for Stage Approval -> Approved for Stage | 2s | 1
            Hrishikesh Deshpande (Inactive) made transition: Approved for Stage -> Stage Testing | 2s | 1
            Hrishikesh Deshpande (Inactive) made transition: Stage Testing -> Pending for Production Approval | 35d 19m | 1
            Hrishikesh Deshpande (Inactive) made transition: Pending for Production Approval -> Approved for production | 3s | 1
            Hrishikesh Deshpande (Inactive) made transition: Approved for production -> In Production Testing | 2s | 1
            Hrishikesh Deshpande (Inactive) made transition: In Production Testing -> Production Complete | 1d 6h 31m | 1
            Hrishikesh Deshpande (Inactive) made transition: Production Complete -> Closed | 1m | 1

              People

              Assignee:
              hrishikesh.deshpande Hrishikesh Deshpande (Inactive)
              Reporter:
              vijayendra Vijayendra Shinde (Inactive)
              Developer:
              Niteen Surwase (Inactive)
              Votes:
              0
              Watchers:
              4

                Dates

                Created:
                Updated:
                Resolved: