The pstoolkit from smitpi

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (bootstrap version)	Remediation Possible**
CVE-2019-8331	Medium	6.1	bootstrap-3.3.7.min.js	Direct	bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1	❌
CVE-2018-20677	Medium	6.1	bootstrap-3.3.7.min.js	Direct	Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0	❌
CVE-2018-20676	Medium	6.1	bootstrap-3.3.7.min.js	Direct	bootstrap - 3.4.0	❌
CVE-2018-14042	Medium	6.1	bootstrap-3.3.7.min.js	Direct	org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0	❌
CVE-2016-10735	Medium	6.1	bootstrap-3.3.7.min.js	Direct	bootstrap - 3.4.0, 4.0.0-beta.2	❌
CVE-2018-14040	Low	3.7	bootstrap-3.3.7.min.js	Direct	org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-8331

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

Step up your Open Source Security Game with Mend here

CVE-2018-20677

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

Step up your Open Source Security Game with Mend here

CVE-2018-20676

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

Step up your Open Source Security Game with Mend here

CVE-2018-14042

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0

Step up your Open Source Security Game with Mend here

CVE-2016-10735

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2

Step up your Open Source Security Game with Mend here

CVE-2018-14040

Vulnerable Library - bootstrap-3.3.7.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js

Path to dependency file: /docs/site/Set-TempFolder/index.html

Path to vulnerable library: /docs/site/Set-TempFolder/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryStat/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixCloudConnector/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSReports/../js/bootstrap-3.3.7.min.js,/docs/site/Set-SharedPSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FQDN/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-Module/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/bootstrap-3.3.7.min.js,/docs/site/Start-DomainControllerReplication/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-UserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-VMWareTool/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-IsFileOpen/../js/bootstrap-3.3.7.min.js,/docs/site/New-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Show-ComputerManagement/../js/bootstrap-3.3.7.min.js,/docs/site/Update-LocalHelp/../js/bootstrap-3.3.7.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-SystemOnline/../js/bootstrap-3.3.7.min.js,/docs/site/Set-UserDesktopWallpaper/../js/bootstrap-3.3.7.min.js,/docs/site/New-SuggestedInfraName/../js/bootstrap-3.3.7.min.js,/docs/site/Set-FolderCustomIcon/../js/bootstrap-3.3.7.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/bootstrap-3.3.7.min.js,/docs/site/Get-RDSSessionReport/../js/bootstrap-3.3.7.min.js,/docs/site/Get-WinEventLogExtract/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSRoboCopy/../js/bootstrap-3.3.7.min.js,/docs/site/Install-BGInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSPendingReboot/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineScript/../js/bootstrap-3.3.7.min.js,/docs/site/Find-ChocolateyApp/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSDefaultParameter/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PropertiesToCSV/../js/bootstrap-3.3.7.min.js,/docs/site/Install-RSAT/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SystemUptime/../js/bootstrap-3.3.7.min.js,/docs/site/Test-PSRemote/../js/bootstrap-3.3.7.min.js,/docs/site/Show-PSToolKit/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-FaultyProfileList/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyServer/../js/bootstrap-3.3.7.min.js,/docs/site/Update-ListOfDDC/../js/bootstrap-3.3.7.min.js,/docs/site/./js/bootstrap-3.3.7.min.js,/docs/site/Get-FullADUserDetail/../js/bootstrap-3.3.7.min.js,/docs/site/Resolve-SID/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-CIMUserProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Update-PSModuleInfo/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSToolKitLog/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PowerShellAsAdmin/../js/bootstrap-3.3.7.min.js,/docs/site/Set-PSProjectFile/../js/bootstrap-3.3.7.min.js,/docs/site/Restore-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Write-Ascii/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixPolicy/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSModule/../js/bootstrap-3.3.7.min.js,/docs/site/Disable-WebEncoding/../js/bootstrap-3.3.7.min.js,/docs/site/Install-ChocolateyClient/../js/bootstrap-3.3.7.min.js,/docs/site/Install-LocalPSRepository/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSScript/../js/bootstrap-3.3.7.min.js,/docs/site/Set-StaticIP/../js/bootstrap-3.3.7.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-NestedADGroupMember/../js/bootstrap-3.3.7.min.js,/docs/site/Get-ProcessPerformance/../js/bootstrap-3.3.7.min.js,/docs/site/Install-PowerShell7x/../js/bootstrap-3.3.7.min.js,/docs/site/Search-Script/../js/bootstrap-3.3.7.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/bootstrap-3.3.7.min.js,/docs/site/Test-CitrixVDAPort/../js/bootstrap-3.3.7.min.js,/docs/site/Remove-HiddenDevice/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSScriptAnalyzer/../js/bootstrap-3.3.7.min.js,/docs/site/js/bootstrap-3.3.7.min.js,/docs/site/New-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Export-ESXTemplate/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-ElevatedShortcut/../js/bootstrap-3.3.7.min.js,/docs/site/Edit-SSHConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Get-SoftwareAudit/../js/bootstrap-3.3.7.min.js,/docs/site/Reset-PSGallery/../js/bootstrap-3.3.7.min.js,/docs/site/Compare-ADMembership/../js/bootstrap-3.3.7.min.js,/docs/site/Show-MyPSGalleryModule/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CitrixClientVersion/../js/bootstrap-3.3.7.min.js,/docs/site/Get-MyPSGalleryReport/../js/bootstrap-3.3.7.min.js,/docs/site/New-GodModeFolder/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSReportingScript/../js/bootstrap-3.3.7.min.js,/docs/site/Backup-PowerShellProfile/../js/bootstrap-3.3.7.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/bootstrap-3.3.7.min.js,/docs/site/Write-PSMessage/../js/bootstrap-3.3.7.min.js,/docs/site/New-GoogleSearch/../js/bootstrap-3.3.7.min.js,/docs/site/Install-MSUpdate/../js/bootstrap-3.3.7.min.js,/docs/site/Connect-VMWareCluster/../js/bootstrap-3.3.7.min.js,/docs/site/Import-XamlConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Find-OnlineModule/../js/bootstrap-3.3.7.min.js,/docs/site/Set-WindowsAutoLogin/../js/bootstrap-3.3.7.min.js,/docs/site/Get-PSObject/../js/bootstrap-3.3.7.min.js,/docs/site/Update-MyModulesFromGitHub/../js/bootstrap-3.3.7.min.js,/docs/site/Get-CommandFiltered/../js/bootstrap-3.3.7.min.js,/docs/site/New-CitrixSiteConfigFile/../js/bootstrap-3.3.7.min.js,/docs/site/Install-NFSClient/../js/bootstrap-3.3.7.min.js,/docs/site/Get-FolderSize/../js/bootstrap-3.3.7.min.js,/docs/site/New-MSEdgeWebApp/../js/bootstrap-3.3.7.min.js,/docs/site/Start-PSProfile/../js/bootstrap-3.3.7.min.js,/docs/site/New-PSGenericList/../js/bootstrap-3.3.7.min.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (3.7)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

Step up your Open Source Security Game with Mend here

jquery-3.2.1.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /docs/site/Install-LocalPSRepository/index.html

Path to vulnerable library: /docs/site/Install-LocalPSRepository/../js/jquery-3.2.1.min.js,/docs/site/Remove-CIMUserProfile/../js/jquery-3.2.1.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/jquery-3.2.1.min.js,/docs/site/Write-Ascii/../js/jquery-3.2.1.min.js,/docs/site/Test-PSRemote/../js/jquery-3.2.1.min.js,/docs/site/Backup-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Install-MSUpdate/../js/jquery-3.2.1.min.js,/docs/site/Disable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/Install-VMWareTool/../js/jquery-3.2.1.min.js,/docs/site/Remove-UserProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-FQDN/../js/jquery-3.2.1.min.js,/docs/site/Install-RSAT/../js/jquery-3.2.1.min.js,/docs/site/Show-ComputerManagement/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyServer/../js/jquery-3.2.1.min.js,/docs/site/./js/jquery-3.2.1.min.js,/docs/site/js/jquery-3.2.1.min.js,/docs/site/Get-NestedADGroupMember/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixClientVersion/../js/jquery-3.2.1.min.js,/docs/site/Remove-FaultyProfileList/../js/jquery-3.2.1.min.js,/docs/site/Import-XamlConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Install-PowerShell7x/../js/jquery-3.2.1.min.js,/docs/site/Test-IsFileOpen/../js/jquery-3.2.1.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/jquery-3.2.1.min.js,/docs/site/Start-DomainControllerReplication/../js/jquery-3.2.1.min.js,/docs/site/Update-MyModulesFromGitHub/../js/jquery-3.2.1.min.js,/docs/site/Test-SystemOnline/../js/jquery-3.2.1.min.js,/docs/site/Show-MyPSGalleryModule/../js/jquery-3.2.1.min.js,/docs/site/Test-PSPendingReboot/../js/jquery-3.2.1.min.js,/docs/site/Edit-SSHConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Update-ListOfDDC/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryReport/../js/jquery-3.2.1.min.js,/docs/site/New-PSModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PowerShellAsAdmin/../js/jquery-3.2.1.min.js,/docs/site/Get-WinEventLogExtract/../js/jquery-3.2.1.min.js,/docs/site/Update-PSDefaultParameter/../js/jquery-3.2.1.min.js,/docs/site/Get-FolderSize/../js/jquery-3.2.1.min.js,/docs/site/Get-PropertiesToCSV/../js/jquery-3.2.1.min.js,/docs/site/New-PSScript/../js/jquery-3.2.1.min.js,/docs/site/Connect-VMWareCluster/../js/jquery-3.2.1.min.js,/docs/site/Set-PSProjectFile/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixPolicy/../js/jquery-3.2.1.min.js,/docs/site/Resolve-SID/../js/jquery-3.2.1.min.js,/docs/site/New-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineScript/../js/jquery-3.2.1.min.js,/docs/site/Install-NFSClient/../js/jquery-3.2.1.min.js,/docs/site/Search-Script/../js/jquery-3.2.1.min.js,/docs/site/New-PSGenericList/../js/jquery-3.2.1.min.js,/docs/site/New-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Set-TempFolder/../js/jquery-3.2.1.min.js,/docs/site/Set-WindowsAutoLogin/../js/jquery-3.2.1.min.js,/docs/site/Get-CommandFiltered/../js/jquery-3.2.1.min.js,/docs/site/New-PSReportingScript/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemUptime/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixCloudConnector/../js/jquery-3.2.1.min.js,/docs/site/Install-BGInfo/../js/jquery-3.2.1.min.js,/docs/site/Get-SoftwareAudit/../js/jquery-3.2.1.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/jquery-3.2.1.min.js,/docs/site/Start-PSScriptAnalyzer/../js/jquery-3.2.1.min.js,/docs/site/Reset-Module/../js/jquery-3.2.1.min.js,/docs/site/Get-PSObject/../js/jquery-3.2.1.min.js,/docs/site/New-SuggestedInfraName/../js/jquery-3.2.1.min.js,/docs/site/New-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixVDAPort/../js/jquery-3.2.1.min.js,/docs/site/Remove-HiddenDevice/../js/jquery-3.2.1.min.js,/docs/site/Reset-PSGallery/../js/jquery-3.2.1.min.js,/docs/site/Set-SharedPSProfile/../js/jquery-3.2.1.min.js,/docs/site/New-MSEdgeWebApp/../js/jquery-3.2.1.min.js,/docs/site/Write-PSToolKitLog/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/jquery-3.2.1.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/jquery-3.2.1.min.js,/docs/site/Find-ChocolateyApp/../js/jquery-3.2.1.min.js,/docs/site/Start-PSRoboCopy/../js/jquery-3.2.1.min.js,/docs/site/Compare-ADMembership/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyClient/../js/jquery-3.2.1.min.js,/docs/site/Enable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/New-GodModeFolder/../js/jquery-3.2.1.min.js,/docs/site/Get-ProcessPerformance/../js/jquery-3.2.1.min.js,/docs/site/Backup-PowerShellProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-RDSSessionReport/../js/jquery-3.2.1.min.js,/docs/site/Write-PSMessage/../js/jquery-3.2.1.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryStat/../js/jquery-3.2.1.min.js,/docs/site/Show-PSToolKit/../js/jquery-3.2.1.min.js,/docs/site/Get-FullADUserDetail/../js/jquery-3.2.1.min.js,/docs/site/Update-LocalHelp/../js/jquery-3.2.1.min.js,/docs/site/Update-PSModuleInfo/../js/jquery-3.2.1.min.js,/docs/site/Restore-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Set-FolderCustomIcon/../js/jquery-3.2.1.min.js,/docs/site/Set-StaticIP/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemInfo/../js/jquery-3.2.1.min.js,/docs/site/New-GoogleSearch/../js/jquery-3.2.1.min.js,/docs/site/Write-PSReports/../js/jquery-3.2.1.min.js,/docs/site/Export-ESXTemplate/../js/jquery-3.2.1.min.js,/docs/site/Set-UserDesktopWallpaper/../js/jquery-3.2.1.min.js

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (jquery version)	Remediation Possible**
CVE-2020-23064	Medium	6.1	jquery-3.2.1.min.js	Direct	jquery - 3.5.0	❌
CVE-2020-11023	Medium	6.1	jquery-3.2.1.min.js	Direct	jquery - 3.5.0;jquery-rails - 4.4.0	❌
CVE-2020-11022	Medium	6.1	jquery-3.2.1.min.js	Direct	jQuery - 3.5.0	❌
CVE-2019-11358	Medium	6.1	jquery-3.2.1.min.js	Direct	jquery - 3.4.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-23064

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /docs/site/Install-LocalPSRepository/index.html

Path to vulnerable library: /docs/site/Install-LocalPSRepository/../js/jquery-3.2.1.min.js,/docs/site/Remove-CIMUserProfile/../js/jquery-3.2.1.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/jquery-3.2.1.min.js,/docs/site/Write-Ascii/../js/jquery-3.2.1.min.js,/docs/site/Test-PSRemote/../js/jquery-3.2.1.min.js,/docs/site/Backup-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Install-MSUpdate/../js/jquery-3.2.1.min.js,/docs/site/Disable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/Install-VMWareTool/../js/jquery-3.2.1.min.js,/docs/site/Remove-UserProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-FQDN/../js/jquery-3.2.1.min.js,/docs/site/Install-RSAT/../js/jquery-3.2.1.min.js,/docs/site/Show-ComputerManagement/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyServer/../js/jquery-3.2.1.min.js,/docs/site/./js/jquery-3.2.1.min.js,/docs/site/js/jquery-3.2.1.min.js,/docs/site/Get-NestedADGroupMember/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixClientVersion/../js/jquery-3.2.1.min.js,/docs/site/Remove-FaultyProfileList/../js/jquery-3.2.1.min.js,/docs/site/Import-XamlConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Install-PowerShell7x/../js/jquery-3.2.1.min.js,/docs/site/Test-IsFileOpen/../js/jquery-3.2.1.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/jquery-3.2.1.min.js,/docs/site/Start-DomainControllerReplication/../js/jquery-3.2.1.min.js,/docs/site/Update-MyModulesFromGitHub/../js/jquery-3.2.1.min.js,/docs/site/Test-SystemOnline/../js/jquery-3.2.1.min.js,/docs/site/Show-MyPSGalleryModule/../js/jquery-3.2.1.min.js,/docs/site/Test-PSPendingReboot/../js/jquery-3.2.1.min.js,/docs/site/Edit-SSHConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Update-ListOfDDC/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryReport/../js/jquery-3.2.1.min.js,/docs/site/New-PSModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PowerShellAsAdmin/../js/jquery-3.2.1.min.js,/docs/site/Get-WinEventLogExtract/../js/jquery-3.2.1.min.js,/docs/site/Update-PSDefaultParameter/../js/jquery-3.2.1.min.js,/docs/site/Get-FolderSize/../js/jquery-3.2.1.min.js,/docs/site/Get-PropertiesToCSV/../js/jquery-3.2.1.min.js,/docs/site/New-PSScript/../js/jquery-3.2.1.min.js,/docs/site/Connect-VMWareCluster/../js/jquery-3.2.1.min.js,/docs/site/Set-PSProjectFile/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixPolicy/../js/jquery-3.2.1.min.js,/docs/site/Resolve-SID/../js/jquery-3.2.1.min.js,/docs/site/New-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineScript/../js/jquery-3.2.1.min.js,/docs/site/Install-NFSClient/../js/jquery-3.2.1.min.js,/docs/site/Search-Script/../js/jquery-3.2.1.min.js,/docs/site/New-PSGenericList/../js/jquery-3.2.1.min.js,/docs/site/New-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Set-TempFolder/../js/jquery-3.2.1.min.js,/docs/site/Set-WindowsAutoLogin/../js/jquery-3.2.1.min.js,/docs/site/Get-CommandFiltered/../js/jquery-3.2.1.min.js,/docs/site/New-PSReportingScript/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemUptime/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixCloudConnector/../js/jquery-3.2.1.min.js,/docs/site/Install-BGInfo/../js/jquery-3.2.1.min.js,/docs/site/Get-SoftwareAudit/../js/jquery-3.2.1.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/jquery-3.2.1.min.js,/docs/site/Start-PSScriptAnalyzer/../js/jquery-3.2.1.min.js,/docs/site/Reset-Module/../js/jquery-3.2.1.min.js,/docs/site/Get-PSObject/../js/jquery-3.2.1.min.js,/docs/site/New-SuggestedInfraName/../js/jquery-3.2.1.min.js,/docs/site/New-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixVDAPort/../js/jquery-3.2.1.min.js,/docs/site/Remove-HiddenDevice/../js/jquery-3.2.1.min.js,/docs/site/Reset-PSGallery/../js/jquery-3.2.1.min.js,/docs/site/Set-SharedPSProfile/../js/jquery-3.2.1.min.js,/docs/site/New-MSEdgeWebApp/../js/jquery-3.2.1.min.js,/docs/site/Write-PSToolKitLog/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/jquery-3.2.1.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/jquery-3.2.1.min.js,/docs/site/Find-ChocolateyApp/../js/jquery-3.2.1.min.js,/docs/site/Start-PSRoboCopy/../js/jquery-3.2.1.min.js,/docs/site/Compare-ADMembership/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyClient/../js/jquery-3.2.1.min.js,/docs/site/Enable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/New-GodModeFolder/../js/jquery-3.2.1.min.js,/docs/site/Get-ProcessPerformance/../js/jquery-3.2.1.min.js,/docs/site/Backup-PowerShellProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-RDSSessionReport/../js/jquery-3.2.1.min.js,/docs/site/Write-PSMessage/../js/jquery-3.2.1.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryStat/../js/jquery-3.2.1.min.js,/docs/site/Show-PSToolKit/../js/jquery-3.2.1.min.js,/docs/site/Get-FullADUserDetail/../js/jquery-3.2.1.min.js,/docs/site/Update-LocalHelp/../js/jquery-3.2.1.min.js,/docs/site/Update-PSModuleInfo/../js/jquery-3.2.1.min.js,/docs/site/Restore-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Set-FolderCustomIcon/../js/jquery-3.2.1.min.js,/docs/site/Set-StaticIP/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemInfo/../js/jquery-3.2.1.min.js,/docs/site/New-GoogleSearch/../js/jquery-3.2.1.min.js,/docs/site/Write-PSReports/../js/jquery-3.2.1.min.js,/docs/site/Export-ESXTemplate/../js/jquery-3.2.1.min.js,/docs/site/Set-UserDesktopWallpaper/../js/jquery-3.2.1.min.js

Dependency Hierarchy:

❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element.

Publish Date: 2023-06-26

URL: CVE-2020-23064

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2023-06-26

Fix Resolution: jquery - 3.5.0

Step up your Open Source Security Game with Mend here

CVE-2020-11023

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /docs/site/Install-LocalPSRepository/index.html

Path to vulnerable library: /docs/site/Install-LocalPSRepository/../js/jquery-3.2.1.min.js,/docs/site/Remove-CIMUserProfile/../js/jquery-3.2.1.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/jquery-3.2.1.min.js,/docs/site/Write-Ascii/../js/jquery-3.2.1.min.js,/docs/site/Test-PSRemote/../js/jquery-3.2.1.min.js,/docs/site/Backup-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Install-MSUpdate/../js/jquery-3.2.1.min.js,/docs/site/Disable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/Install-VMWareTool/../js/jquery-3.2.1.min.js,/docs/site/Remove-UserProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-FQDN/../js/jquery-3.2.1.min.js,/docs/site/Install-RSAT/../js/jquery-3.2.1.min.js,/docs/site/Show-ComputerManagement/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyServer/../js/jquery-3.2.1.min.js,/docs/site/./js/jquery-3.2.1.min.js,/docs/site/js/jquery-3.2.1.min.js,/docs/site/Get-NestedADGroupMember/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixClientVersion/../js/jquery-3.2.1.min.js,/docs/site/Remove-FaultyProfileList/../js/jquery-3.2.1.min.js,/docs/site/Import-XamlConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Install-PowerShell7x/../js/jquery-3.2.1.min.js,/docs/site/Test-IsFileOpen/../js/jquery-3.2.1.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/jquery-3.2.1.min.js,/docs/site/Start-DomainControllerReplication/../js/jquery-3.2.1.min.js,/docs/site/Update-MyModulesFromGitHub/../js/jquery-3.2.1.min.js,/docs/site/Test-SystemOnline/../js/jquery-3.2.1.min.js,/docs/site/Show-MyPSGalleryModule/../js/jquery-3.2.1.min.js,/docs/site/Test-PSPendingReboot/../js/jquery-3.2.1.min.js,/docs/site/Edit-SSHConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Update-ListOfDDC/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryReport/../js/jquery-3.2.1.min.js,/docs/site/New-PSModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PowerShellAsAdmin/../js/jquery-3.2.1.min.js,/docs/site/Get-WinEventLogExtract/../js/jquery-3.2.1.min.js,/docs/site/Update-PSDefaultParameter/../js/jquery-3.2.1.min.js,/docs/site/Get-FolderSize/../js/jquery-3.2.1.min.js,/docs/site/Get-PropertiesToCSV/../js/jquery-3.2.1.min.js,/docs/site/New-PSScript/../js/jquery-3.2.1.min.js,/docs/site/Connect-VMWareCluster/../js/jquery-3.2.1.min.js,/docs/site/Set-PSProjectFile/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixPolicy/../js/jquery-3.2.1.min.js,/docs/site/Resolve-SID/../js/jquery-3.2.1.min.js,/docs/site/New-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineScript/../js/jquery-3.2.1.min.js,/docs/site/Install-NFSClient/../js/jquery-3.2.1.min.js,/docs/site/Search-Script/../js/jquery-3.2.1.min.js,/docs/site/New-PSGenericList/../js/jquery-3.2.1.min.js,/docs/site/New-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Set-TempFolder/../js/jquery-3.2.1.min.js,/docs/site/Set-WindowsAutoLogin/../js/jquery-3.2.1.min.js,/docs/site/Get-CommandFiltered/../js/jquery-3.2.1.min.js,/docs/site/New-PSReportingScript/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemUptime/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixCloudConnector/../js/jquery-3.2.1.min.js,/docs/site/Install-BGInfo/../js/jquery-3.2.1.min.js,/docs/site/Get-SoftwareAudit/../js/jquery-3.2.1.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/jquery-3.2.1.min.js,/docs/site/Start-PSScriptAnalyzer/../js/jquery-3.2.1.min.js,/docs/site/Reset-Module/../js/jquery-3.2.1.min.js,/docs/site/Get-PSObject/../js/jquery-3.2.1.min.js,/docs/site/New-SuggestedInfraName/../js/jquery-3.2.1.min.js,/docs/site/New-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixVDAPort/../js/jquery-3.2.1.min.js,/docs/site/Remove-HiddenDevice/../js/jquery-3.2.1.min.js,/docs/site/Reset-PSGallery/../js/jquery-3.2.1.min.js,/docs/site/Set-SharedPSProfile/../js/jquery-3.2.1.min.js,/docs/site/New-MSEdgeWebApp/../js/jquery-3.2.1.min.js,/docs/site/Write-PSToolKitLog/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/jquery-3.2.1.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/jquery-3.2.1.min.js,/docs/site/Find-ChocolateyApp/../js/jquery-3.2.1.min.js,/docs/site/Start-PSRoboCopy/../js/jquery-3.2.1.min.js,/docs/site/Compare-ADMembership/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyClient/../js/jquery-3.2.1.min.js,/docs/site/Enable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/New-GodModeFolder/../js/jquery-3.2.1.min.js,/docs/site/Get-ProcessPerformance/../js/jquery-3.2.1.min.js,/docs/site/Backup-PowerShellProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-RDSSessionReport/../js/jquery-3.2.1.min.js,/docs/site/Write-PSMessage/../js/jquery-3.2.1.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryStat/../js/jquery-3.2.1.min.js,/docs/site/Show-PSToolKit/../js/jquery-3.2.1.min.js,/docs/site/Get-FullADUserDetail/../js/jquery-3.2.1.min.js,/docs/site/Update-LocalHelp/../js/jquery-3.2.1.min.js,/docs/site/Update-PSModuleInfo/../js/jquery-3.2.1.min.js,/docs/site/Restore-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Set-FolderCustomIcon/../js/jquery-3.2.1.min.js,/docs/site/Set-StaticIP/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemInfo/../js/jquery-3.2.1.min.js,/docs/site/New-GoogleSearch/../js/jquery-3.2.1.min.js,/docs/site/Write-PSReports/../js/jquery-3.2.1.min.js,/docs/site/Export-ESXTemplate/../js/jquery-3.2.1.min.js,/docs/site/Set-UserDesktopWallpaper/../js/jquery-3.2.1.min.js

Dependency Hierarchy:

❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

Step up your Open Source Security Game with Mend here

CVE-2020-11022

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /docs/site/Install-LocalPSRepository/index.html

Path to vulnerable library: /docs/site/Install-LocalPSRepository/../js/jquery-3.2.1.min.js,/docs/site/Remove-CIMUserProfile/../js/jquery-3.2.1.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/jquery-3.2.1.min.js,/docs/site/Write-Ascii/../js/jquery-3.2.1.min.js,/docs/site/Test-PSRemote/../js/jquery-3.2.1.min.js,/docs/site/Backup-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Install-MSUpdate/../js/jquery-3.2.1.min.js,/docs/site/Disable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/Install-VMWareTool/../js/jquery-3.2.1.min.js,/docs/site/Remove-UserProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-FQDN/../js/jquery-3.2.1.min.js,/docs/site/Install-RSAT/../js/jquery-3.2.1.min.js,/docs/site/Show-ComputerManagement/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyServer/../js/jquery-3.2.1.min.js,/docs/site/./js/jquery-3.2.1.min.js,/docs/site/js/jquery-3.2.1.min.js,/docs/site/Get-NestedADGroupMember/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixClientVersion/../js/jquery-3.2.1.min.js,/docs/site/Remove-FaultyProfileList/../js/jquery-3.2.1.min.js,/docs/site/Import-XamlConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Install-PowerShell7x/../js/jquery-3.2.1.min.js,/docs/site/Test-IsFileOpen/../js/jquery-3.2.1.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/jquery-3.2.1.min.js,/docs/site/Start-DomainControllerReplication/../js/jquery-3.2.1.min.js,/docs/site/Update-MyModulesFromGitHub/../js/jquery-3.2.1.min.js,/docs/site/Test-SystemOnline/../js/jquery-3.2.1.min.js,/docs/site/Show-MyPSGalleryModule/../js/jquery-3.2.1.min.js,/docs/site/Test-PSPendingReboot/../js/jquery-3.2.1.min.js,/docs/site/Edit-SSHConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Update-ListOfDDC/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryReport/../js/jquery-3.2.1.min.js,/docs/site/New-PSModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PowerShellAsAdmin/../js/jquery-3.2.1.min.js,/docs/site/Get-WinEventLogExtract/../js/jquery-3.2.1.min.js,/docs/site/Update-PSDefaultParameter/../js/jquery-3.2.1.min.js,/docs/site/Get-FolderSize/../js/jquery-3.2.1.min.js,/docs/site/Get-PropertiesToCSV/../js/jquery-3.2.1.min.js,/docs/site/New-PSScript/../js/jquery-3.2.1.min.js,/docs/site/Connect-VMWareCluster/../js/jquery-3.2.1.min.js,/docs/site/Set-PSProjectFile/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixPolicy/../js/jquery-3.2.1.min.js,/docs/site/Resolve-SID/../js/jquery-3.2.1.min.js,/docs/site/New-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineScript/../js/jquery-3.2.1.min.js,/docs/site/Install-NFSClient/../js/jquery-3.2.1.min.js,/docs/site/Search-Script/../js/jquery-3.2.1.min.js,/docs/site/New-PSGenericList/../js/jquery-3.2.1.min.js,/docs/site/New-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Set-TempFolder/../js/jquery-3.2.1.min.js,/docs/site/Set-WindowsAutoLogin/../js/jquery-3.2.1.min.js,/docs/site/Get-CommandFiltered/../js/jquery-3.2.1.min.js,/docs/site/New-PSReportingScript/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemUptime/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixCloudConnector/../js/jquery-3.2.1.min.js,/docs/site/Install-BGInfo/../js/jquery-3.2.1.min.js,/docs/site/Get-SoftwareAudit/../js/jquery-3.2.1.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/jquery-3.2.1.min.js,/docs/site/Start-PSScriptAnalyzer/../js/jquery-3.2.1.min.js,/docs/site/Reset-Module/../js/jquery-3.2.1.min.js,/docs/site/Get-PSObject/../js/jquery-3.2.1.min.js,/docs/site/New-SuggestedInfraName/../js/jquery-3.2.1.min.js,/docs/site/New-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixVDAPort/../js/jquery-3.2.1.min.js,/docs/site/Remove-HiddenDevice/../js/jquery-3.2.1.min.js,/docs/site/Reset-PSGallery/../js/jquery-3.2.1.min.js,/docs/site/Set-SharedPSProfile/../js/jquery-3.2.1.min.js,/docs/site/New-MSEdgeWebApp/../js/jquery-3.2.1.min.js,/docs/site/Write-PSToolKitLog/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/jquery-3.2.1.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/jquery-3.2.1.min.js,/docs/site/Find-ChocolateyApp/../js/jquery-3.2.1.min.js,/docs/site/Start-PSRoboCopy/../js/jquery-3.2.1.min.js,/docs/site/Compare-ADMembership/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyClient/../js/jquery-3.2.1.min.js,/docs/site/Enable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/New-GodModeFolder/../js/jquery-3.2.1.min.js,/docs/site/Get-ProcessPerformance/../js/jquery-3.2.1.min.js,/docs/site/Backup-PowerShellProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-RDSSessionReport/../js/jquery-3.2.1.min.js,/docs/site/Write-PSMessage/../js/jquery-3.2.1.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryStat/../js/jquery-3.2.1.min.js,/docs/site/Show-PSToolKit/../js/jquery-3.2.1.min.js,/docs/site/Get-FullADUserDetail/../js/jquery-3.2.1.min.js,/docs/site/Update-LocalHelp/../js/jquery-3.2.1.min.js,/docs/site/Update-PSModuleInfo/../js/jquery-3.2.1.min.js,/docs/site/Restore-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Set-FolderCustomIcon/../js/jquery-3.2.1.min.js,/docs/site/Set-StaticIP/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemInfo/../js/jquery-3.2.1.min.js,/docs/site/New-GoogleSearch/../js/jquery-3.2.1.min.js,/docs/site/Write-PSReports/../js/jquery-3.2.1.min.js,/docs/site/Export-ESXTemplate/../js/jquery-3.2.1.min.js,/docs/site/Set-UserDesktopWallpaper/../js/jquery-3.2.1.min.js

Dependency Hierarchy:

❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with Mend here

CVE-2019-11358

Vulnerable Library - jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /docs/site/Install-LocalPSRepository/index.html

Path to vulnerable library: /docs/site/Install-LocalPSRepository/../js/jquery-3.2.1.min.js,/docs/site/Remove-CIMUserProfile/../js/jquery-3.2.1.min.js,/docs/site/Start-PSToolkitSystemInitialize/../js/jquery-3.2.1.min.js,/docs/site/Write-Ascii/../js/jquery-3.2.1.min.js,/docs/site/Test-PSRemote/../js/jquery-3.2.1.min.js,/docs/site/Backup-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Install-MSUpdate/../js/jquery-3.2.1.min.js,/docs/site/Disable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/Install-VMWareTool/../js/jquery-3.2.1.min.js,/docs/site/Remove-UserProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-FQDN/../js/jquery-3.2.1.min.js,/docs/site/Install-RSAT/../js/jquery-3.2.1.min.js,/docs/site/Show-ComputerManagement/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyServer/../js/jquery-3.2.1.min.js,/docs/site/./js/jquery-3.2.1.min.js,/docs/site/js/jquery-3.2.1.min.js,/docs/site/Get-NestedADGroupMember/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixClientVersion/../js/jquery-3.2.1.min.js,/docs/site/Remove-FaultyProfileList/../js/jquery-3.2.1.min.js,/docs/site/Import-XamlConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Install-PowerShell7x/../js/jquery-3.2.1.min.js,/docs/site/Test-IsFileOpen/../js/jquery-3.2.1.min.js,/docs/site/Add-ChocolateyPrivateRepo/../js/jquery-3.2.1.min.js,/docs/site/Start-DomainControllerReplication/../js/jquery-3.2.1.min.js,/docs/site/Update-MyModulesFromGitHub/../js/jquery-3.2.1.min.js,/docs/site/Test-SystemOnline/../js/jquery-3.2.1.min.js,/docs/site/Show-MyPSGalleryModule/../js/jquery-3.2.1.min.js,/docs/site/Test-PSPendingReboot/../js/jquery-3.2.1.min.js,/docs/site/Edit-SSHConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Update-ListOfDDC/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryReport/../js/jquery-3.2.1.min.js,/docs/site/New-PSModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PowerShellAsAdmin/../js/jquery-3.2.1.min.js,/docs/site/Get-WinEventLogExtract/../js/jquery-3.2.1.min.js,/docs/site/Update-PSDefaultParameter/../js/jquery-3.2.1.min.js,/docs/site/Get-FolderSize/../js/jquery-3.2.1.min.js,/docs/site/Get-PropertiesToCSV/../js/jquery-3.2.1.min.js,/docs/site/New-PSScript/../js/jquery-3.2.1.min.js,/docs/site/Connect-VMWareCluster/../js/jquery-3.2.1.min.js,/docs/site/Set-PSProjectFile/../js/jquery-3.2.1.min.js,/docs/site/Get-CitrixPolicy/../js/jquery-3.2.1.min.js,/docs/site/Resolve-SID/../js/jquery-3.2.1.min.js,/docs/site/New-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineScript/../js/jquery-3.2.1.min.js,/docs/site/Install-NFSClient/../js/jquery-3.2.1.min.js,/docs/site/Search-Script/../js/jquery-3.2.1.min.js,/docs/site/New-PSGenericList/../js/jquery-3.2.1.min.js,/docs/site/New-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Set-TempFolder/../js/jquery-3.2.1.min.js,/docs/site/Set-WindowsAutoLogin/../js/jquery-3.2.1.min.js,/docs/site/Get-CommandFiltered/../js/jquery-3.2.1.min.js,/docs/site/New-PSReportingScript/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemUptime/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixCloudConnector/../js/jquery-3.2.1.min.js,/docs/site/Install-BGInfo/../js/jquery-3.2.1.min.js,/docs/site/Get-SoftwareAudit/../js/jquery-3.2.1.min.js,/docs/site/Enable-RemoteHostPSRemoting/../js/jquery-3.2.1.min.js,/docs/site/Start-PSScriptAnalyzer/../js/jquery-3.2.1.min.js,/docs/site/Reset-Module/../js/jquery-3.2.1.min.js,/docs/site/Get-PSObject/../js/jquery-3.2.1.min.js,/docs/site/New-SuggestedInfraName/../js/jquery-3.2.1.min.js,/docs/site/New-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Test-CitrixVDAPort/../js/jquery-3.2.1.min.js,/docs/site/Remove-HiddenDevice/../js/jquery-3.2.1.min.js,/docs/site/Reset-PSGallery/../js/jquery-3.2.1.min.js,/docs/site/Set-SharedPSProfile/../js/jquery-3.2.1.min.js,/docs/site/New-MSEdgeWebApp/../js/jquery-3.2.1.min.js,/docs/site/Write-PSToolKitLog/../js/jquery-3.2.1.min.js,/docs/site/Find-OnlineModule/../js/jquery-3.2.1.min.js,/docs/site/Start-PSProfile/../js/jquery-3.2.1.min.js,/docs/site/Set-PSToolKitSystemSetting/../js/jquery-3.2.1.min.js,/docs/site/Publish-ModuleToLocalRepo/../js/jquery-3.2.1.min.js,/docs/site/Find-ChocolateyApp/../js/jquery-3.2.1.min.js,/docs/site/Start-PSRoboCopy/../js/jquery-3.2.1.min.js,/docs/site/Compare-ADMembership/../js/jquery-3.2.1.min.js,/docs/site/Install-ChocolateyClient/../js/jquery-3.2.1.min.js,/docs/site/Enable-WebEncoding/../js/jquery-3.2.1.min.js,/docs/site/New-GodModeFolder/../js/jquery-3.2.1.min.js,/docs/site/Get-ProcessPerformance/../js/jquery-3.2.1.min.js,/docs/site/Backup-PowerShellProfile/../js/jquery-3.2.1.min.js,/docs/site/Get-RDSSessionReport/../js/jquery-3.2.1.min.js,/docs/site/Write-PSMessage/../js/jquery-3.2.1.min.js,/docs/site/Set-VSCodeExplorerSortOrder/../js/jquery-3.2.1.min.js,/docs/site/Get-MyPSGalleryStat/../js/jquery-3.2.1.min.js,/docs/site/Show-PSToolKit/../js/jquery-3.2.1.min.js,/docs/site/Get-FullADUserDetail/../js/jquery-3.2.1.min.js,/docs/site/Update-LocalHelp/../js/jquery-3.2.1.min.js,/docs/site/Update-PSModuleInfo/../js/jquery-3.2.1.min.js,/docs/site/Restore-ElevatedShortcut/../js/jquery-3.2.1.min.js,/docs/site/Import-CitrixSiteConfigFile/../js/jquery-3.2.1.min.js,/docs/site/Set-FolderCustomIcon/../js/jquery-3.2.1.min.js,/docs/site/Set-StaticIP/../js/jquery-3.2.1.min.js,/docs/site/Get-SystemInfo/../js/jquery-3.2.1.min.js,/docs/site/New-GoogleSearch/../js/jquery-3.2.1.min.js,/docs/site/Write-PSReports/../js/jquery-3.2.1.min.js,/docs/site/Export-ESXTemplate/../js/jquery-3.2.1.min.js,/docs/site/Set-UserDesktopWallpaper/../js/jquery-3.2.1.min.js

Dependency Hierarchy:

❌ jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

Step up your Open Source Security Game with Mend here

bootstrap-3.3.7.js: 6 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (bootstrap version)	Remediation Possible**
CVE-2019-8331	Medium	6.1	bootstrap-3.3.7.js	Direct	bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1	❌
CVE-2018-20677	Medium	6.1	bootstrap-3.3.7.js	Direct	Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0	❌
CVE-2018-20676	Medium	6.1	bootstrap-3.3.7.js	Direct	bootstrap - 3.4.0	❌
CVE-2018-14042	Medium	6.1	bootstrap-3.3.7.js	Direct	org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0	❌
CVE-2016-10735	Medium	6.1	bootstrap-3.3.7.js	Direct	bootstrap - 3.4.0, 4.0.0-beta.2	❌
CVE-2018-14040	Low	3.7	bootstrap-3.3.7.js	Direct	org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-8331

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

Step up your Open Source Security Game with Mend here

CVE-2018-20677

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

Step up your Open Source Security Game with Mend here

CVE-2018-20676

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

Step up your Open Source Security Game with Mend here

CVE-2018-14042

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0

Step up your Open Source Security Game with Mend here

CVE-2016-10735

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2

Step up your Open Source Security Game with Mend here

CVE-2018-14040

Vulnerable Library - bootstrap-3.3.7.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.js

Path to vulnerable library: /docs/site/js/bootstrap-3.3.7.js

Dependency Hierarchy:

❌ bootstrap-3.3.7.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (3.7)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

Step up your Open Source Security Game with Mend here

jquery-3.2.1.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-3.2.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js

Path to vulnerable library: /docs/site/js/jquery-3.2.1.js

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (jquery version)	Remediation Possible**
CVE-2020-23064	Medium	6.1	jquery-3.2.1.js	Direct	jquery - 3.5.0	❌
CVE-2020-11023	Medium	6.1	jquery-3.2.1.js	Direct	jquery - 3.5.0;jquery-rails - 4.4.0	❌
CVE-2020-11022	Medium	6.1	jquery-3.2.1.js	Direct	jQuery - 3.5.0	❌
CVE-2019-11358	Medium	6.1	jquery-3.2.1.js	Direct	jquery - 3.4.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-23064

Vulnerable Library - jquery-3.2.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js

Path to vulnerable library: /docs/site/js/jquery-3.2.1.js

Dependency Hierarchy:

❌ jquery-3.2.1.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element.

Publish Date: 2023-06-26

URL: CVE-2020-23064

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2023-06-26

Fix Resolution: jquery - 3.5.0

Step up your Open Source Security Game with Mend here

CVE-2020-11023

Vulnerable Library - jquery-3.2.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js

Path to vulnerable library: /docs/site/js/jquery-3.2.1.js

Dependency Hierarchy:

❌ jquery-3.2.1.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

Step up your Open Source Security Game with Mend here

CVE-2020-11022

Vulnerable Library - jquery-3.2.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js

Path to vulnerable library: /docs/site/js/jquery-3.2.1.js

Dependency Hierarchy:

❌ jquery-3.2.1.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with Mend here

CVE-2019-11358

Vulnerable Library - jquery-3.2.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js

Path to vulnerable library: /docs/site/js/jquery-3.2.1.js

Dependency Hierarchy:

❌ jquery-3.2.1.js (Vulnerable Library)

Found in HEAD commit: 4083d287c2e5ac798412b521e0a05fc62afd4650

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

Step up your Open Source Security Game with Mend here

smitpi / pstoolkit Goto Github PK

pstoolkit's Introduction

Hi, I'm Pierre Smit

A passionate PowerShell scripter and anything automation.

Connect with me:

pstoolkit's People

Contributors

Stargazers

Watchers

Forkers

pstoolkit's Issues

Vulnerabilities

Details

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.min.js

Vulnerability Details

CVSS 3 Score Details (3.7)

Suggested Fix

Vulnerabilities

Details

Vulnerable Library - jquery-3.2.1.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - jquery-3.2.1.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - jquery-3.2.1.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - jquery-3.2.1.min.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerabilities

Details

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (6.1)

Suggested Fix

Vulnerable Library - bootstrap-3.3.7.js

Vulnerability Details

CVSS 3 Score Details (3.7)