Meeting Room Booking System / Bugs / #392 XSS in bundled jquery-ui

#392 XSS in bundled jquery-ui

Milestone: Major

Status: closed

Owner: nobody

Labels: None

Priority: 1

Updated: 2018-10-19

Created: 2017-10-05

Creator: Xavier Bachelot

Private: No

mrbs 1.6.1 is bundling jquery-ui 1.11.2 which is known to be vulnerable to an XSS.
http://www.cvedetails.com/cve/CVE-2016-7103/

Discussion

Campbell Morrison - 2017-10-05

Ok, thanks. I will take a look tomorrow.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Campbell Morrison - 2017-10-06

I have now fixed this in the default branch in f92a4e by upgrading to jQuery UI 1.12.1 and jQuery 3.2.1.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Xavier Bachelot - 2017-10-12

Thank you.
Are you planning an mrbs release to fix this ?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Campbell Morrison - 2017-10-12

Yes, we'll be making a 1.6.2 release in the next couple of months.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Campbell Morrison - 2017-11-17

The 1.6.2 release turned out to be the 1.7.0 release.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Campbell Morrison - 2018-10-19

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link: