13252: jQuery JavaScript v1.11.1 contains XSS - LimeSurvey bugs and feature requests

This issue affects 1 person(s).

256

ID	Project	Category	View Status	Date Submitted	Last Update
13252	Bug reports	Security	public	2018-01-26 13:06	2018-01-26 17:38

Reporter	kemweb	Assigned To	~~LouisGac~~
Priority	none	Severity	minor
Status	closed	Resolution	fixed

Summary	13252: jQuery JavaScript v1.11.1 contains XSS
Description	This jquery lib: https://github.com/LimeSurvey/LimeSurvey/blob/master/framework/web/js/source/jquery.js is not secure: https://snyk.io/vuln/npm:jquery
Tags	No tags attached.

Bug heat	256
Complete LimeSurvey version number (& build)	3.0.5+180118 and git commit 9df3677
I will donate to the project if issue is resolved	No
Browser
Database type & version	*
Server OS (if known)	*
Webserver software & version (if known)	*
PHP Version	+

User List	kemweb

kemweb 2018-01-26 13:09 reporter ~46107	Same with jQuery UI - v1.11.2 - 2014-10-16 in /framework/web/js/source/jui/js/jquery-ui.min.js See https://snyk.io/vuln/npm:jquery-ui

~~LouisGac~~ 2018-01-26 14:12 developer ~46109	we're not using it indeed. It's part of Yii, but we're calling our own version. Did you found any place where this file is loaded?

kemweb 2018-01-26 14:22 reporter ~46110	No, I only found the file. If it's not used, I guess it is fine. Thanks!

Date Modified	Username	Field	Change
2018-01-26 13:06	kemweb	New Issue
2018-01-26 13:08	kemweb	Issue Monitored: kemweb
2018-01-26 13:09	kemweb	Note Added: 46107
2018-01-26 14:12	~~LouisGac~~	Note Added: 46109
2018-01-26 14:22	kemweb	Note Added: 46110
2018-01-26 17:38	~~LouisGac~~	Assigned To	=> LouisGac
2018-01-26 17:38	~~LouisGac~~	Status	new => closed
2018-01-26 17:38	~~LouisGac~~	Resolution	open => fixed
2021-08-20 03:57	guest	Bug heat	254 => 256