Jquery Xss Vulnerabilities

  • dm2118
  • Junior Member
  • Members
  • Join Date: 26-Aug 09
  • 2 posts

Posted 12 June 2018 - 10:24 PM #1

Hi, I have a client who failed their PCI compliance scan by Trustwave. Anyone else having this problem and a solution? It says to upgrade to version 3.0.0 or higher, but it looks like that would probably break CS cart.


The following is the error message:


jQuery Cross-Domain Asynchronous JavaScript and Extensible Markup Language Request Cross-site Scripting Vulnerability, CVE-2015-9251

jQuery is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Asynchronous JavaScript and Extensible Markup Language (AJAX) Request is performed without the dataType option, causing text/javascript responses to be executed. This finding is based on version information which may not have been updated by previously installed patches (e.g., Red Hat "back ports").
Please submit a "Patched Service" dispute in TrustKeeper if this vulnerability has already been patched.
All Cross-Site Scripting vulnerabilities are considered non-compliant by PCI.
CVE: CVE-2015-9251
NVD: CVE-2015-9251
Service: http
Application: nginx:nginx
Match: '1.9.1' is less than '3.0.0'
Upgrade jquery to version 3.0.0 or higher.
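
Added example, not part of the original post and not CS-Cart or jQuery project code: a prefilter for a jQuery older than 3.0.0 that stops a cross-domain response from being auto-detected as script when no dataType was given, which is the condition the scanner text describes. `makeSettings`, `sniffDataType` and `handlingFor` are a simplified, constructed model of jQuery's content-type detection so the effect can be checked offline; `jQuery.ajaxPrefilter`, `crossDomain` and `contents` are the real jQuery names.

```javascript
// Added example: not code from CS-Cart or from the jQuery project.
// Per-request settings shaped like jQuery 1.x ajax settings (constructed sample).
function makeSettings(crossDomain, dataType) {
  return {
    crossDomain: crossDomain,            // jQuery computes this from the URL before prefilters run
    dataTypes: dataType ? [dataType] : ["*"],
    contents: {                          // Content-Type patterns used to guess a dataType
      xml: /\bxml\b/,
      html: /\bhtml/,
      json: /\bjson\b/,
      script: /\b(?:java|ecma)script\b/
    }
  };
}

// Simplified model of jQuery's response sniffing: with no explicit dataType,
// the first `contents` pattern matching the Content-Type decides the handling.
function sniffDataType(settings, contentType) {
  if (settings.dataTypes[0] !== "*") return settings.dataTypes[0];
  for (const type of Object.keys(settings.contents)) {
    const pattern = settings.contents[type];
    if (pattern && pattern.test(contentType)) return type;
  }
  return "text";
}

// The mitigation: never infer "script" for a cross-domain response.
// An explicit dataType: "script" is still honoured, since the caller asked for it.
function blockCrossDomainScriptSniffing(settings) {
  if (settings.crossDomain) {
    settings.contents = settings.contents || {};
    settings.contents.script = false;
  }
}

// Register on the page's jQuery when one is present (browser only).
if (typeof jQuery !== "undefined" && typeof jQuery.ajaxPrefilter === "function") {
  jQuery.ajaxPrefilter(blockCrossDomainScriptSniffing);
}

// Returns how a response with `contentType` would be handled.
function handlingFor(crossDomain, dataType, contentType, mitigated) {
  const s = makeSettings(crossDomain, dataType);
  if (mitigated) blockCrossDomainScriptSniffing(s);
  return sniffDataType(s, contentType);
}
```

The scan matches on the version string, so the finding is still reported after a change like this; the "Patched Service" dispute named in the scanner text is the route for that case.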

  • martfox
  • Member
  • Authorized Reseller
  • Join Date: 15-Jan 10
  • 552 posts

Posted 12 June 2018 - 10:25 PM #2

Which CS-Cart version is he using?
