jQuery 1.10.2 Vulnerabilities

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 17
Karma: 180
Joined: 3/17/2015
Location: United States

Posted: 6 years ago

Previously posted under General Support here https://www.nopcommerce.com/boards/t/51288/jquery-1102-vulnerability-in-nop-36.aspx.

PCI compliance scan picked up jQuery vulnerabilities:

vulnerable jQuery version: 1.10.2
Details: Two vulnerabilities fixed in jQuery 3.0.0
CVE 2015-9251
CVE 2016-10707

This was with Nop 3.6, but Nop 4.0 also appears to use same old jQuery.

Please upgrade Nop to jQuery 3.

stehta

Total Posts: 29
Karma: 205
Joined: 12/12/2014
Location: United States

Posted: 6 years ago

This should be released as immedidate hotfix, correct?

evanvfs

Total Posts: 15
Karma: 85
Joined: 6/27/2013
Location: United States

Posted: 4 years ago

FYI for others - Looks like jQuery was updated to 3.x.x in nop version 4.10

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.