Code Injection in Jquery files
Hi Friends,
We are facing
code injection vulnerability in the jquery script files
(
jquery.tablesorter.min and
BackOffice-pageEnd-all-min
)
.
In HP fortify report, the code injection finding in set Timeout
function.
jquery.tablesorter.min
setTimeout(function(){$(table).trigger("sortEnd");},0);
setTimeout(function(){setHeadersCss($this[0],$headers,config.sortList,sortCSS);
appendToTable($this[0],multisort($this[0],config.sortList,cache));},1);
BackOffice-pageEnd-all-min
setTimeout(function(){$(table).trigger("sortEnd");},0);
setTimeout(function(){setHeadersCss($this[0],$headers,config.sortList,sortCSS);
appendToTable($this[0],multisort($this[0],config.sortList,cache));},1);
setTimeout("loadOverview()",15000);
Please give your suggestion like how to avoid code injection in the above scenario?
Many thanks in advance!
Regards,
Arun
Topic Participants
psarunkumar.in
jay.blanchard
emp_shad
jakecigar
smithaac