Alr1976, posted April 3:

I performed the penetration test and I have these issues because the test did not pass. How can I resolve them?

The scanner detected that the application loads jQuery version 3.6.4. This version is outdated and may contain known vulnerabilities or lack security improvements present in more recent releases.

• UniGUI internal communication — all UI events (button clicks, form submissions, timer ticks, etc.) are sent as Ajax POST requests to the fixed endpoint /HandleEvent. These are not a public API but are detected by the scanner as API-like traffic. The /HandleEvent endpoint, if reachable without a valid session, could be probed for server-side logic vulnerabilities.

Tested with Unigui 1.95.0.1607

Farshad Mohajeri (Administrators), posted April 3:

Hello,

We constantly update jQuery to the latest version. That said, jQuery plays no role in Ext JS functionality except for some 3rd party JS libraries that rely on it.

Regarding "HandleEvent", it only works if it is provided a valid session ID; otherwise it is rejected by the server. Starting from a certain build, we are embedding the session ID in form parameters, hiding it from the URL (it was previously a part of the URL parameters).

Alr1976 (Author), posted April 3:

Okay, I also need to implement TLS 1.3. How can I do that?

irigsoft, posted April 4:

14 hours ago, Alr1976 said:
> Okay, I also need to implement TLS 1.3. How can I do that?

Try to implement Internet Component Suite.