
Saturday, 1 February 2025

JQUERY VULNERABILITY THREAT AFFECTS ACROSS THE GLOBE

 




In jQuery versions greater than or equal to 1.0.3 or 1.2 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
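As an added example (not code from the original post or from the jQuery project), the helper below flags a jQuery build that falls in the affected range stated above and, where the library exposes `htmlPrefilter`, applies the identity override that the jQuery project published as a workaround for the pre-3.5.0 prefilter; upgrading to 3.5.0 remains the fix. The function names and the returned status strings are assumptions made for this illustration.

```javascript
// Parse "3.4.1" or "1.2" into [major, minor, patch]; a missing patch counts
// as 0 and suffixes such as "-rc1" are ignored. Returns null if unparsable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true / false for the range given on this page (>= 1.0.3 and < 3.5.0),
// null when the version string cannot be read and needs manual review.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareVersions(v, [1, 0, 3]) >= 0 && compareVersions(v, [3, 5, 0]) < 0;
}

// Read the version from the banner comment at the top of a bundled jQuery file,
// e.g. "/*! jQuery v3.4.1 | ..." or "jQuery JavaScript Library v1.12.4".
function versionFromBanner(source) {
  const head = String(source).slice(0, 2048);
  const m = /jQuery (?:JavaScript Library )?v?(\d+\.\d+(?:\.\d+)?[\w.-]*)/.exec(head);
  return m ? m[1] : null;
}

// Stopgap for a loaded jQuery object ($): stop the library from rewriting
// HTML strings before insertion. Builds without htmlPrefilter must be upgraded.
function hardenPrefilter($) {
  const affected = isAffected($ && $.fn && $.fn.jquery);
  if (affected === null) return "unknown";
  if (!affected) return "not-needed";
  if (typeof $.htmlPrefilter !== "function") return "upgrade-required";
  $.htmlPrefilter = function (html) { return html; };
  return "patched";
}
```

In a browser, call `hardenPrefilter(window.jQuery)` immediately after the library loads and before any code passes HTML strings to `.html()` or `.append()`.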

Using this vulnerability, an attacker can create or alter web pages and, through the REST API, send or re-route requests and access all the sensitive data across servers in the affected products listed below. PHP and Python are the main agents used in these affected products.

AFFECTED PRODUCTS:

  1. Oracle – all servers and products, such as Financial Services Regulatory Reporting, Communications Session Route Manager, Health Sciences InForm, Hyperion Financial Reporting, JD Edwards EnterpriseOne Tools, PeopleSoft Enterprise Human Capital Management Resources, Primavera Gateway, REST Data Services, Siebel, WebCenter Sites, WebLogic Server
  2. Debian 
  3. Drupal
  4. Tenable

AFFECTED REGION:

  1. United States
  2. Europe (Netherlands, France, Germany, Poland)
  3. China
  4. Russia

 

Abuse of this vulnerability is causing financial damage across the globe: a hacker from, say, North Korea can take control of organizational data anywhere and demand a ransom.