by Brainvire Infotech Pvt. Ltd

Synchronizing your Google Calendar with SuiteCRM is now made easy with our Google Calendar Sync add-on. Now keep your important meetings organized in one place.


#5709 - jQuery 1.7.1 library vulnerabilities

Closed Bug? created by one week ago

The jQuery 1.7.1 library, released in 2011, has critical vulnerabilities that pose security risks, primarily related to Cross-Site Scripting (XSS). Below are the main vulnerabilities and issues:

Main Vulnerabilities

XSS via jQuery(strInput) Function (CVE-2012-6708)
- Issue: The jQuery(strInput) function fails to properly distinguish between HTML and selectors, allowing attackers to inject malicious scripts by exploiting the '<' character check.
- Impact: Enables execution of arbitrary scripts, potentially stealing user data (e.g., cookies, session tokens).
- Severity: Medium (CVSS: 6.1).
- Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended).

XSS via the load Method (CVE-2020-7656)
- Issue: The load method does not correctly handle tags with whitespace (e.g., ), allowing script injection from untrusted sources.
- Impact: Attackers can execute malicious scripts, compromising user sessions.
- Severity: Medium.
- Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended).

Outdated Security Practices
- Issue: jQuery 1.7.1 lacks modern XSS protections (e.g., stricter input validation, secure DOM manipulation) introduced in later versions. Vulnerable methods like .html(), .append(), or AJAX calls (e.g., $.get()) increase risks if used with untrusted inputs.
- Impact: Higher attack surface due to unpatched vulnerabilities and deprecated features.
- Fix: Upgrade to jQuery 3.7.1 for enhanced security and compliance with current standards.

What are the plans to use newest jQuery?

  1. BrainvireInfotech

    Brainvire Infotech Pvt. Ltd Provider Affiliate

    one week ago

    Could you please let me know the version of SuiteCRM where you installed the plugin? I tested the package and did not encounter the issue you mentioned.

    • khavusr

      4 days ago

      Test the version which was provided when I signed up for the trial. While it doesn't per se cause any problem, it's still a big concern that a legacy version of jQuery is being used.

    • BrainvireInfotech

      Brainvire Infotech Pvt. Ltd Provider Affiliate

      3 days ago

      At the moment, we do not have any plans to update the plugin being used. However, if we decide to upgrade it in the future, we will make sure to inform you accordingly.

    • BrainvireInfotech

      Brainvire Infotech Pvt. Ltd Provider Affiliate

      yesterday

      Dear Customer,

      Since we have answered your query, you can get back to us for any further query. Closing this ticket.

      Thank you!
