Security vulnerability in jquery - cross site scripting
mamema opened this issue · comments
Nessus report:
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
Solution
Upgrade to JQuery version 3.5.0 or later.
See Also
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Booksonic is using 3.5.0 already but I am updating it to 3.6.0