Jquery vulnerability on Management Interface web server

L0 Member

Hi team

We received this vulnerability in the report by our vendor for our PA

"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by a cross site scripting vulnerability"

and the solution for this says "Upgrade to JQuery version 3.5.0 or later."

I researched my way through Google and only found this helpful:

https://docs.paloaltonetworks.com/oss-listings/pan-os-oss-listings/pan-os-9-0-open-source-software-o...

But I am not getting the precise solution... Has anyone else faced this?

Currently we are running PAN-OS 8.1.13

Thanks in advance


Accepted Solutions
L0 Member

Re: Jquery vulnerability on Management Interface web server

Got the below update from TAC:

JQuery - cross site scripting vulnerability CVE-2020-11022.
> This is a false positive by the vulnerability scanner. Palo Alto Networks Web Mgmt GUI utilises a very lightweight subset of jQuery functions and is not impacted by the CVE reported in jQuery.


All Replies
Community Team Member

Re: Jquery vulnerability on Management Interface web server

Hi @shubhamG,

I'd check with support for this one as JQuery isn't even listed on the 8.1 OSS listing.

It's only listed on the 9.0 and 9.1 OSS lists where it's shown as version 1.12.2.

Cheers,

-Kiwi.