Re: JQuery issue ProSafe GS728TPv2 Switch

VMHP · ‎2021-09-30

Hi

Recently we ran a Nessus scan for the switch above after updating firmware.

Nessus flagged a JQuery issue:

Description: According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release. Solution: Upgrade to JQuery version 3.5.0 or later.

Can anyone could tell me how to upgrade this or if it can be ignored please?

schumaku · ‎2021-10-08

@JohnC_V please.

JohnC_V · ‎2021-10-11

@VMHP,

I have sent you a private message.

Regards,

John

NETGEAR Community Team

Millwaar · ‎2022-01-18

Hi John,

I'm also having the same issue, would you mind dropping me a line?

Thanks.

Tonymnemonic · ‎2022-02-04

I am getting a similar vulnerability with AlienVault. jQuery is vulnerable to Cross-site Scripting (XSS) attacks. Is there a way to update jQuery?

JDGT · ‎2022-03-10

@JohnC_V wrote:
@VMHP,

I have sent you a private message.

Regards,

John
NETGEAR Community Team

@JohnC_V I have also been inform of a the JQuery vulnerabilty version issue. Could you please reach out to me as well?

S3300-52X-PoE+

lr-ssb · ‎2022-03-14

I am having this same issue. Nessus detects jquery 1.6.2 installed on my Netgear switch

JDGT · ‎2022-03-30

Hello,

Looking for an update to this issue. Is there an ETA for a patch release to address the JQuery vulnerability?

chpc · ‎2022-05-23

We could also use an update, our vulnerability scan is showing:

jQuery End of Life (EOL) Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.117149) Version used: 2021-06-11T09:02:34Z

Solution:

Update jQuery on the remote host to a still supported version.