[wp-trac] [WordPress Trac] #49735: The jquery-migrate and jquery packages are vulnerable to Cross-Site Scripting (XSS).

WordPress Trac noreply at wordpress.org
Tue Mar 31 08:52:03 UTC 2020 

#49735: The jquery-migrate and jquery packages are vulnerable to Cross-Site
Scripting (XSS).
--------------------------------+-----------------------------
 Reporter:  tlterry             |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  External Libraries  |    Version:
 Severity:  critical            |   Keywords:
  Focuses:                      |
--------------------------------+-----------------------------
 Hi WordPress,

 I am having the following issue. Can you please have a look issue how do
 we resolve it? Thank you.

 **EXPLANATION**
 The jquery-migrate and jquery packages are vulnerable to Cross-Site
 Scripting (XSS). The core.js and jquery.js files use an improper regular
 expression to check for JavaScript code and /HTML tags. It allows HTML
 when location.hash is used in the select element and renders it on the
 webpage, resulting in XSS.

 NOTE: This vulnerability has been assigned CVE-2012-6708.

 **DETECTION**
 The application is vulnerable by using this component.

 **RECOMMENDATION**
 We recommend upgrading to a version of this component that is not
 vulnerable to this specific issue.

 **ROOT CAUSE**
 jquery-migrate:1.4.1package/dist/jquery-migrate.min.js( ,1.4.1]
 jquery-migrate:1.4.1package/src/core.js( ,1.4.1]
 jquery-migrate:1.4.1package/dist/jquery-migrate.js( ,1.4.1]


 ---------------------------------------------------------------------------------------------------------

 **EXPLANATION**
 The qunitjs package is vulnerable to Cross-Site Scripting (XSS). The
 appendHeader and appendFilteredTest functions in qunit.js do not escape
 the text when using the setUrl function to render a URL (href) value. An
 attacker can exploit this vulnerability by influencing the URL value,
 which when rendered causes XSS attacks.

 **DETECTION**
 The application is vulnerable by using this component.

 **RECOMMENDATION**
 We recommend upgrading to a version of this component that is not
 vulnerable to this specific issue.

 **ROOT CAUSE**
 jquery-migrate-1.4.1.tgzpackage/qunit/qunit.js( , 1.22.0)


 ---------------------------------------------------------------------------------------------------------

 **File path**
 jquery-migrate.js located at /wp-includes/js/jquery
 jquery-migrate.min.js located at /wp-includes/js/jquery

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49735>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list