View Issue Details

IDProjectCategoryView StatusLast Update
0019831phpList 3 applicationSecuritypublic15-04-19 13:55
Reportersamtuke 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version3.3.9 
Target Versionnext minorFixed in Version 
Summary0019831: Upgrade jQuery UI 1.8.1 to latest
DescriptionReported by kgarland in the forum:

I’m noticing that PHPList is using Jquery UI Version 1.8.1, however, there is a XSS vulnerability for using versions lower than 1.10.0

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-31126/Jquery-Jquery-Ui.html 2

Locations I could find:

\phplist-3.4.0-RC2\public_html\lists\admin\js\jquery-ui-1.8.1.all.min.js
\phplist-3.4.0-RC2\public_html\lists\admin\ui\default\js\all.js
\phplist-3.4.0-RC2\public_html\lists\admin\ui\default\js\all.min.js
TagsNo tags attached.

Activities

xheni

18-03-19 08:57

administrator   ~0062018

These files are used when there is no theme available only.