According to the self-reported version in the script, the version of jQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities.
I recently upgraded from 4.0 to 4.2 to fix the PCI scan issue with jQuery. I ran a PCI vulnerability test last night and this (among other issues) is what I got: "jQuery Prior to 3.4.0 Cross-Site Scripting Vulnerability". I ran `jQuery.fn.jquery` in the console and it returned 3.3.1.
Direct Vulnerabilities: Known vulnerabilities in the jquery package. This does not include vulnerabilities belonging to this package's dependencies.
Masato Kinugawa found a cross-site scripting (XSS) vulnerability in the htmlPrefilter method of jQuery, and published an example showing a popup alert window in the form of a challenge. Kinugawa
Nov 05, 2019 · Certain jQuery libraries in use by Dynamics have known vulnerabilities allowing cross-site scripting (XSS) attacks. This article addresses Dynamics' use of these libraries and whether these vulnerabilities are present in the latest releases for Dynamics 365 (On-Premises).
The integrity and crossorigin attributes are used for Subresource Integrity (SRI) checking. This allows browsers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best practice whenever libraries are loaded from a third-party source.
Oct 22, 2018 Potential XSS vulnerability in jQuery.htmlPrefilter and
Note that while jQuery does its best to protect users from security vulnerabilities, jQuery is a DOM manipulation library that will generally do what you tell it to do. In this case, the behavior was likely unexpected, so jQuery.extend will no longer write any properties named `__proto__`.
An Update on the jQuery-File-Upload Vulnerability - Akamai Oct 30, 2018 Is there a base version of jQuery which has no XSS