jptec Posted September 12, 2022

I've used a testing tool named BurpSuite and it reports the following issue:

A JavaScript framework or library is a set of tools and functions that make it easy to generate cross-browser compatible JavaScript code. If a website uses a JavaScript framework or library with vulnerabilities, attackers can use this vulnerability to hijack the user's browser and carry out such attacks as horse hijacking, XSS, and Cookie hijacking.

The test address: http://114.xx.xx.xx:8077/uni-1.90.0.1560/jQuery/jquery-1.11.2.min.js

Please see the attached picture for reference.

Risk level: [Medium risk]

Risk analysis: Attackers can use this vulnerability to hijack the user's browser and carry out horse, XSS, Cookie hijacking

Security tip: Upgrade the affected JavaScript framework library to the latest version.

Please advise how to solve

irigsoft Posted September 12, 2022

1 hour ago, jptec said:

> I've used a testing tool named BurpSuite and it reports the following issue:
>
> A JavaScript framework or library is a set of tools and functions that make it easy to generate cross-browser compatible JavaScript code. If a website uses a JavaScript framework or library with vulnerabilities, attackers can use this vulnerability to hijack the user's browser and carry out such attacks as horse hijacking, XSS, and Cookie hijacking.
>
> The test address: http://114.xx.xx.xx:8077/uni-1.90.0.1560/jQuery/jquery-1.11.2.min.js
>
> Please see the attached picture for reference.
>
> Risk level: [Medium risk]
>
> Risk analysis: Attackers can use this vulnerability to hijack the user's browser and carry out horse, XSS, Cookie hijacking
>
> Security tip: Upgrade the affected JavaScript framework library to the latest version.
>
> Please advise how to solve

Hello, try to disable jQuery.

On uniServerMOdule.Options.soDontLoadjQueryLib := True;

irigsoft Posted September 12, 2022

Or try some solutions:

irigsoft Posted October 4, 2022

@jptec hi, did you succeed with the jQuery upgrade?

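To confirm the result after upgrading jQuery or after disabling the bundled copy, the check below inventories served scripts and flags jQuery copies below a chosen baseline. It is an added example, not part of the thread and not uniGUI code; the function names, the sample inventory and the 3.0.0 baseline are assumptions for illustration.

```javascript
// Added example (not from the thread): flag served jQuery copies below a baseline.
// The version appears in the file name (jquery-1.11.2.min.js) or in the banner
// comment at the top of the file (/*! jQuery v1.11.2 | ...).
const NAME_RE = /jquery[-.](\d+(?:\.\d+){1,2})(?:\.slim)?(?:\.min)?\.js/i;
const BANNER_RE = /jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})/;

// Compare numerically per component: as strings, "1.11.2" would sort below "1.9.0".
function compareVersions(a, b) {
  const parse = (v) => v.split(".").map(Number).concat(0, 0).slice(0, 3);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns the detected jQuery version string, or null if none is found.
function detectJQuery(url, body = "") {
  const banner = BANNER_RE.exec(body.slice(0, 512));
  if (banner) return banner[1]; // file content beats a possibly renamed file
  const name = NAME_RE.exec(url);
  return name ? name[1] : null;
}

// assets: [{ url, body }]; returns the entries older than minVersion.
function findOutdated(assets, minVersion) {
  return assets
    .map(({ url, body }) => ({ url, version: detectJQuery(url, body) }))
    .filter((a) => a.version && compareVersions(a.version, minVersion) < 0);
}

// Constructed sample inventory; the first path mirrors the one in the report,
// the other entries and all bodies are made up for the example.
const SAMPLE = [
  { url: "/uni-1.90.0.1560/jQuery/jquery-1.11.2.min.js",
    body: "/*! jQuery v1.11.2 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */" },
  { url: "/files/vendor.js",
    body: "/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */" },
  { url: "/files/app.js", body: "console.log('app');" },
];

console.log(findOutdated(SAMPLE, "3.0.0")); // baseline is an assumed policy value
```

Feed it the script URLs and response bodies collected from the deployed application, and set the baseline to the release your policy requires.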