Synchronizing your Google Calendar with SuiteCRM is now made easy with our Google Calendar Sync add-on. Now keep your important meetings organized in one place.
#5709 - jQuery 1.7.1 library vulnerabilities
The jQuery 1.7.1 library, released in 2011, has critical vulnerabilities that pose security risks, primarily related to Cross-Site Scripting (XSS). Below are the main vulnerabilities and issues:
Main Vulnerabilities
XSS via jQuery(strInput) Function (CVE-2012-6708)
- Issue: The jQuery(strInput) function fails to properly distinguish between HTML and selectors, allowing attackers to inject malicious scripts by exploiting the '<' character check.
- Impact: Enables execution of arbitrary scripts, potentially stealing user data (e.g., cookies, session tokens).
- Severity: Medium (CVSS: 6.1).
- Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended).

XSS via the load Method (CVE-2020-7656)
- Issue: The load method does not correctly handle tags with whitespace (e.g., ), allowing script injection from untrusted sources.
- Impact: Attackers can execute malicious scripts, compromising user sessions.
- Severity: Medium.
- Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended).

Outdated Security Practices
- Issue: jQuery 1.7.1 lacks modern XSS protections (e.g., stricter input validation, secure DOM manipulation) introduced in later versions. Vulnerable methods like .html(), .append(), or AJAX calls (e.g., $.get()) increase risks if used with untrusted inputs.
- Impact: Higher attack surface due to unpatched vulnerabilities and deprecated features.
- Fix: Upgrade to jQuery 3.7.1 for enhanced security and compliance with current standards.
What are the plans to use the newest jQuery?
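As an added illustration of the jQuery(strInput) issue above (this code is not from the ticket, the plugin, or jQuery itself): the two regular expressions below are transcribed from memory of the jQuery 1.7.1 and 1.9 source, so treat them as an assumption, and the `isStrictSelector` allowlist is a hypothetical guard an integrator could apply to user-controlled strings while the plugin still ships 1.7.1.

```javascript
// Added example: why jQuery 1.7.1's HTML-vs-selector check matters, and one
// way to gate untrusted strings before they reach $() on a legacy build.

// jQuery 1.7.1 (assumed transcription): HTML may appear ANYWHERE after a
// prefix without '#' or '<', so "item<em>" is parsed as HTML, not a selector.
const LEGACY_QUICK_EXPR = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// jQuery 1.9+ (assumed transcription): only strings that START with '<'
// (after optional whitespace) are treated as HTML.
const FIXED_QUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/;

// Mirrors the init logic: the fast path for "<...>" plus the regex fallback.
// Returns true when jQuery(str) would create HTML nodes instead of querying.
function treatedAsHtml(str, quickExpr) {
  if (typeof str !== 'string') return false;
  if (str.length >= 3 && str.charAt(0) === '<' && str.charAt(str.length - 1) === '>') {
    return true;
  }
  const m = quickExpr.exec(str);
  return !!(m && m[1]); // group 1 = HTML fragment; group 2 = bare #id lookup
}

// Hypothetical defensive allowlist: accept only a simple tag, .class or #id
// token. Anything else (including any '<') is rejected, so a caller on 1.7.1
// never hands HTML-looking text to $(). Returns the selector or null.
const STRICT_SELECTOR = /^[#.]?[A-Za-z_][\w-]*$/;
function isStrictSelector(str) {
  return typeof str === 'string' && STRICT_SELECTOR.test(str) ? str : null;
}

// Classifies one input against both jQuery generations for quick auditing.
function classify(str) {
  return {
    legacyHtml: treatedAsHtml(str, LEGACY_QUICK_EXPR),
    fixedHtml: treatedAsHtml(str, FIXED_QUICK_EXPR),
    allowed: isStrictSelector(str) !== null,
  };
}
```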
one week ago
Could you please let me know the version of SuiteCRM where you installed the plugin? I tested the package and did not encounter the issue you mentioned.
4 days ago
Test the version that was provided when I signed up for the trial. While it doesn't per se cause any problem, it's still a big concern that a legacy version of jQuery is being used.
3 days ago
At the moment, we do not have any plans to update the plugin being used. However, if we decide to upgrade it in the future, we will make sure to inform you accordingly.
yesterday
Dear Customer,
Since we have answered your query, you can get back to us for any further queries. Closing this ticket.
Thank you!