We upgraded from 3.7 to 4.0 a few weeks ago, and now we are failing PCI "Cross-site Scripting (XSS) vulnerability"
Is this a known issue?
v.4 PCI FAIL: Cross-site Scripting (XSS) vulnerability
- 1
- 2
- 148
- 960
- 2009/08/21
- United Kingdom
Hi Guys,
I ran my PCI compliance test yesterday and also have this problem, the error on the report is shown below:
JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS 443 / tcp / possible_wls
The error is explained here
The solution is to upgrade to JQuery version 1.12.0 or later.
I am running NopCommerce v3.8 and my scripts already contain a migrated version of JQuery 1.12
jquery-migrate-1.2.1.min.js
Anyone know how to migrate to this version with the platform, do I need to place the declaration after the previous version like below?
Paul.
I ran my PCI compliance test yesterday and also have this problem, the error on the report is shown below:
JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS 443 / tcp / possible_wls
The error is explained here
The solution is to upgrade to JQuery version 1.12.0 or later.
I am running NopCommerce v3.8 and my scripts already contain a migrated version of JQuery 1.12
jquery-migrate-1.2.1.min.js
Anyone know how to migrate to this version with the platform, do I need to place the declaration after the previous version like below?
Html.AppendScriptParts("~/Scripts/jquery-1.10.2.min.js");
Html.AppendScriptParts("~/Scripts/jquery-migrate-1.2.1.min.js");
Paul.
- 148
- 960
- 2009/08/21
- United Kingdom
here is a good write up on the issue if anyone is interested.
https://www.acunetix.com/websitesecurity/cross-site-scripting/
https://www.acunetix.com/websitesecurity/cross-site-scripting/
- 28
- 150
- 2015/02/12
- United States
phayes wrote:
This isn't the same issue.
Hi Guys,
I ran my PCI compliance test yesterday and also have this problem, the error on the report is shown below:
JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS 443 / tcp / possible_wls
The error is explained here
The solution is to upgrade to JQuery version 1.12.0 or later.
I am running NopCommerce v3.8 and my scripts already contain a migrated version of JQuery 1.12
jquery-migrate-1.2.1.min.js
Anyone know how to migrate to this version with the platform, do I need to place the declaration after the previous version like below?
Paul.
I ran my PCI compliance test yesterday and also have this problem, the error on the report is shown below:
JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS 443 / tcp / possible_wls
The error is explained here
The solution is to upgrade to JQuery version 1.12.0 or later.
I am running NopCommerce v3.8 and my scripts already contain a migrated version of JQuery 1.12
jquery-migrate-1.2.1.min.js
Anyone know how to migrate to this version with the platform, do I need to place the declaration after the previous version like below?
Html.AppendScriptParts("~/Scripts/jquery-1.10.2.min.js");
Html.AppendScriptParts("~/Scripts/jquery-migrate-1.2.1.min.js");
Paul.
This isn't the same issue.
- 148
- 960
- 2009/08/21
- United Kingdom
I think you may find it is, follow the link below.
https://www.tenable.com/plugins/nessus/106657
The remote web server is affected by a cross-site scripting vulnerability.
https://www.tenable.com/plugins/nessus/106657
The remote web server is affected by a cross-site scripting vulnerability.
- 1
- 2