Avast community forum
Topic: Retirable jQuery library (Read 1569 times)
polonus
Retirable jQuery library « on: May 24, 2020, 02:45:24 PM »
Found on a DOM-XSS scan: Results from scanning URL:
-https://code.jquery.com/jquery-1.11.2.min.js
Number of sources found: 43
Number of sinks found: 19
Mitigated through Decentraleyes extension...chrome-extension://ldpochfccmkkmhdbclfhpagapcfdljkj/resources/jquery/1.11.2/jquery.min.jsm?_=920a76b773470b239f10c261
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xl0jey5qcXV7fXkuXl1tYGpxdXt9eS0xLjExLjIubVtuLmpz~enc
Medium risk threat:
https://retire.insecurity.today/#!/scan/ad88518ae1feecd035f9a64f255e3818222c108e6bf2749a905271c9a72dfd46
/jquery-1.11.2.js
issue 2432
issue 11974
issue 4642
issue 4647
Bug 9521 - $("#<img src=x onerror=...>")
Bug 11290 - $("element[attribute='<img src=x onerror=...>'")
jQuery issue 2432 - 3rd party $.get() auto executes if content type is text/javascript
jQuery issue 11974 - parseHTML executes inline scripts like event handlers
jQuery issue 4642 - htmlPrefilter unwraps things it shouldn't
jQuery issue 4647 - select/option wrapping unwraps can cause XSS
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: May 24, 2020, 03:08:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Re: Retirable jQuery library « Reply #1 on: May 24, 2020, 03:15:20 PM »
Test whether Decentraleyes is fully operational
(allow javascript to run in uMatrix please)
Re: https://decentraleyes.org/test/
Preferred result:
All tests completed.
Decentraleyes is fully operational.
pol