Vulnerability scanning with OpenVAS Greenbone Security Assistant

Posted: 14/09/2022, 15:51
by afrotek71
Hello

I have a TS-873 NAS, current firmware version 5.0.0.2131, so the latest version.
I use the Greenbone Security Assistant software with the OpenVAS engine to run vulnerability assessment scans of my devices.
Even though the firmware is up to date, the following vulnerability is detected: jQuery < 1.9.0 XSS Vulnerability. I include the report at the end.
I am advised to update to the fixed version 1.9.0 through the vendor's firmware, but it still has not been resolved.
Do you have any suggestions?

Thanks

----------------------------------------------------------------------
Summary
jQuery is vulnerable to Cross-site Scripting (XSS) attacks.
Detection Result

Installed version: 1.8.0
Fixed version: 1.9.0
Installation path / port: /static/rest_framework_swagger/lib

Insight
The jQuery(strInput) function does not differentiate selectors
from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was
HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility
when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input
to be HTML if it explicitly starts with the '<' character, limiting exploitability only to
attackers who can control the beginning of a string, which is far less common.
Detection Method
Checks if a vulnerable version is present on the target host.
Details: jQuery < 1.9.0 XSS Vulnerability OID: 1.3.6.1.4.1.25623.1.0.141636
Version used: 2021-06-11T08:43:18Z
Affected Software/OS
jQuery prior to version 1.9.0.
Solution
Solution Type: Vendorfix
Update to version 1.9.0 or later.
References
CVE: CVE-2012-6708
CERT: DFN-CERT-2020-0590, CB-K22/0045, CB-K18/1131
Other

https://bugs.jquery.com/ticket/11290
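
The report's Insight text and its version-based detection, modelled as an added example (not part of the original post, the scanner's output, or jQuery's source). The function names and sample strings are assumptions made for illustration, and the two classifiers are simplified to exactly what the report states.

```javascript
// Added illustration: a simplified model of the two behaviours described in
// the report's Insight text. It is not jQuery's source code.

// Versions before 1.9.0, per the report: a '<' anywhere makes the input HTML.
function treatedAsHtmlBefore190(input) {
  return input.indexOf("<") !== -1;
}

// Versions from 1.9.0, per the report: only input starting with '<' is HTML.
function treatedAsHtmlFrom190(input) {
  return input.charAt(0) === "<";
}

// Numeric, component-wise comparison against the fixed version 1.9.0.
// A plain string comparison would wrongly rank "1.12.4" below "1.9.0".
function isAffectedVersion(version) {
  const fixed = [1, 9, 0];
  const parts = version.split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < fixed.length; i++) {
    const have = parts[i] || 0;
    if (have !== fixed[i]) return have < fixed[i];
  }
  return false; // equal to 1.9.0, so fixed
}

// Inputs whose handling differs between the two models: these are the call
// sites worth reviewing when the old library cannot be replaced yet.
function differingInputs(inputs) {
  return inputs.filter(
    (s) => treatedAsHtmlBefore190(s) !== treatedAsHtmlFrom190(s)
  );
}

// Constructed sample strings (not taken from the NAS or the scan).
const SAMPLES = ["#main", "div.item > span", "<p>hello</p>", "#tab-<b>x</b>"];

console.log("1.8.0 affected:", isAffectedVersion("1.8.0"));
console.log("handled differently:", differingInputs(SAMPLES));
```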