[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-20 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16259581#comment-16259581
 ] 

Jacques Le Roux commented on OFBIZ-9269:


Hi Pierre,

Already done at OFBIZ-9991

> Check embedded Javascript libs vulnerabilities using retire.js
> --
>
> Key: OFBIZ-9269
> URL: https://issues.apache.org/jira/browse/OFBIZ-9269
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>  Labels: Javascript, retire.js, vulnerabilities
>
> 1+ years ago I created the page 
> https://cwiki.apache.org/confluence/display/OFBIZ/About+retire.js
> I just checked again and here are the results
> {code}
> C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.js
>  ? jquery 1.11.0 has known vulnerabilities: severity: medium; issue: 2432, 
> summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
>  
> C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-migrate-1.2.1.js
>  ? jquery-migrate 1.2.1 has known vulnerabilities: severity: medium; bug: 
> 11290, summary: Selector interpreted as HTML; 
> http://bugs.jquery.com/ticket/11290 
> http://research.insecurelabs.org/jquery/test/
> C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery-1.11.0.min.js
>  ? jquery 1.11.0.min has known vulnerabilities: severity: medium; issue: 
> 2432, summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\require.js
>  ? jquery 1.7.1 has known vulnerabilities: severity: medium; bug: 11290, 
> summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 
> http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, 
> summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.min.js
>  ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The 
> attribute usemap can be used as a security exploit; 
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: 
> medium; summary: Universal CSP bypass via add-on in Firefox; 
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
>  https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\angular.js
>  ? angularjs 1.3.8 has known vulnerabilities: severity: medium; summary: The 
> attribute usemap can be used as a security exploit; 
> https://github.com/angular/angular.js/blob/master/CHANGELOG.md severity: 
> medium; summary: Universal CSP bypass via add-on in Firefox; 
> https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435 
> http://pastebin.com/raw/kGrdaypP severity: medium; summary: DOS in $sanitize;
>  https://github.com/angular/angular.js/blob/master/CHANGELOG.md
> C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\libs\jquery-2.1.3.min.js
>  ? jquery 2.1.3.min has known vulnerabilities: severity: medium; issue: 2432, 
> summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
> C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.js
>  ? jquery-mobile 1.4.0 has known vulnerabilities: severity: medium; summary: 
> open redirect leads to cross site scripting; 
> http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
>  
> C:\projectsASF\ofbiz-framework\framework\images\webapp\images\jquery\jquery.mobile\jquery.mobile-1.4.0.min.js
>  ? jquery-mobile 1.4.0.min has known vulnerabilities: severity: medium; 
> summary: open redirect leads to cross site scripting; 
> http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html
>  
> C:\projectsASF\ofbiz-framework\plugins\solr\webapp\solr\js\lib\jquery-1.7.2.min.js
>  ? jquery 1.7.2.min has known vulnerabilities: severity: medium; bug: 11290, 
> summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 
> http://research.insecurelabs.org/jquery/test/ severity:medium; issue: 2432, 
> summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
>  
> 

[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-20 Thread Pierre Smits (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16259573#comment-16259573
 ] 

Pierre Smits commented on OFBIZ-9269:
-

Hey Jacques,

What is the issue with OpenStreetMap? Does it warrant a separate ticket?

Best regards,

Pierre


[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-13 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16249381#comment-16249381
 ] 

Jacques Le Roux commented on OFBIZ-9269:


Thanks guys, having done that once (or twice) I can help if needed. I remember 
last time some unexpected work was needed for the geolocation with Google Map 
and OpenStreetMap, e.g. 
https://demo-trunk.ofbiz.apache.org/example/control/ExampleGeoLocationPointSet1.
It seems BTW that we already have an issue again with OpenStreetMap: 
https://demo-trunk.ofbiz.apache.org/example/control/ExampleOsmGeoLocationPointSet1OpenStreetMap


[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-13 Thread Aditya Sharma (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16249235#comment-16249235
 ] 

Aditya Sharma commented on OFBIZ-9269:
--

Thanks Jacques and Deepak for inputs. I have created OFBIZ-9978 to upgrade 
JQuery.


[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-12 Thread Deepak Dixit (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16249113#comment-16249113
 ] 

Deepak Dixit commented on OFBIZ-9269:
-

Thanks Jacques, 

Yes, I am planning to work on it.

Thanks Aditya, we can come up with a plan for upgrade. 


[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-11 Thread Aditya Sharma (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16248510#comment-16248510
 ] 

Aditya Sharma commented on OFBIZ-9269:
--

+1 for upgrading jQuery to 3.X.
I did some study around and am willing to contribute towards it.
There are some major changes to the library 
https://jquery.com/upgrade-guide/3.0/ and lots of performance enhancements.


[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-11 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16248419#comment-16248419
 ] 

Jacques Le Roux commented on OFBIZ-9269:


Thanks Deepak, sounds good. Do you plan to work on it? Soon?

> summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 
> http://research.insecurelabs.org/jquery/test/ severity:medium; issue: 2432, 
> summary: 3rd party CORS request may execute; 
> https://github.com/jquery/jquery/issues/2432 
> http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
>  
> 

[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-10 Thread Deepak Dixit (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16248341#comment-16248341
 ] 

Deepak Dixit commented on OFBIZ-9269:
-

I think we can plan to upgrade jQuery to 3.X, as we are doing OFBIZ-9465, so we 
can use the upgraded jQuery version.

The file birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js does not exist in 
trunk.

We can remove jquery.mobile as it's not used.



[jira] [Commented] (OFBIZ-9269) Check embedded Javascript libs vulnerabilities using retire.js

2017-11-10 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16247706#comment-16247706
 ] 

Jacques Le Roux commented on OFBIZ-9269:


Does someone really care about that but me?
