Hi,
Im installed NNA in a customer for implementation in Trial, the customer do a scan of vulnerability to the server and tell me the next:
JQuery 1.2 < 3.5.0 Multiple XSS
URL : https://10.150.57.26/nagiosna/media/js/ ... 2.4.min.js
Installed version : 1.12.4
Fixed version : 3.5.0
My customer tell me if this version in a future can be change to JQuery major version.
Question: Do you have an ETA for resolving the version of JQuery in NA ?
Regards,
NNA JQuery Vulnerability
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NNA JQuery Vulnerability
Hi @oslec,
Thanks for trying out Nagios Network Analyzer. Yes, this will be updated in the next maintenance release. However, I do not have a hard release date at the moment.
In the meantime, there is a workaround to address this specific CVE, if your customer is willing to patch this. Let m know if that is an option.
Potential XSS vulnerability in jQuery.htmlPrefilter and related methods
Benjamin
Thanks for trying out Nagios Network Analyzer. Yes, this will be updated in the next maintenance release. However, I do not have a hard release date at the moment.
In the meantime, there is a workaround to address this specific CVE, if your customer is willing to patch this. Let m know if that is an option.
Potential XSS vulnerability in jQuery.htmlPrefilter and related methods
Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!