NNA JQuery Vulnerability

Posted: Thu Sep 24, 2020 6:52 pm
by oslec
Hi,

I installed NNA at a customer site for a trial implementation. The customer did a vulnerability scan of the server and told me the following:

JQuery 1.2 < 3.5.0 Multiple XSS

URL : https://10.150.57.26/nagiosna/media/js/ ... 2.4.min.js
Installed version : 1.12.4
Fixed version : 3.5.0

My customer asked me whether this version can be changed in the future to a major jQuery version.

Question: Do you have an ETA for resolving the version of jQuery in NA?

Regards,

Re: NNA JQuery Vulnerability

Posted: Fri Sep 25, 2020 2:21 pm
by benjaminsmith
Hi @oslec,

Thanks for trying out Nagios Network Analyzer. Yes, this will be updated in the next maintenance release. However, I do not have a hard release date at the moment.

In the meantime, there is a workaround to address this specific CVE, if your customer is willing to patch this. Let me know if that is an option.

Potential XSS vulnerability in jQuery.htmlPrefilter and related methods

Benjamin