Description
We have installed Exist-db version 4.0 on our AWS server on port 8090, which is open to the internet. In a recent scan of the server, we encountered vulnerabilities on this port because a lower version of jQuery (1.7.1) is used in Exist-db.
As per the remedy reports, it has been advised to upgrade jQuery to version 3.0.0 or higher. I have checked the latest version of Exist-db, but it is also using the older version of jQuery. We cannot manually replace the jQuery version because it is referenced by many objects of the Exist-db server.
Kindly advise and let me know how I can solve this issue. Please find below the related reference links and details for your reference.
https://snyk.io/vuln/npm:jquery:20150627
https://bugs.jquery.com/ticket/11290
https://nvd.nist.gov/vuln/detail/CVE-2012-6708
jQuery is vulnerable to Cross-site Scripting (XSS) attacks because the jQuery() function does not differentiate selectors from HTML in a reliable way. In vulnerable versions, jQuery determines if the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility to build a malicious payload.
Is Exist-db planning to release a new setup with the latest version of jQuery?
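
The selector-versus-HTML ambiguity quoted above, as an added example that is not part of the original report and not code from jQuery or eXist-db. The two classifiers are simplified models of the described behaviour, and `assertSelectorOnly` is a hypothetical guard for call sites that have to stay on a legacy jQuery until an upgrade ships.

```javascript
// Simplified models of the behaviour described in the advisory text
// (assumptions for illustration, not copied from jQuery's source).

// Legacy model: a "<...>" run anywhere in the string makes it "HTML".
function legacyTreatsAsHtml(input) {
  return /<[\w\W]+>/.test(input);
}

// Fixed model: only a string whose first character is "<" is "HTML".
function fixedTreatsAsHtml(input) {
  return input.charAt(0) === "<" && /<[\w\W]+>/.test(input);
}

// Hypothetical guard: a value that is meant to be a selector is rejected
// outright if it contains "<", so it can never reach the HTML code path.
function assertSelectorOnly(input) {
  if (typeof input !== "string") {
    throw new TypeError("selector must be a string");
  }
  if (input.indexOf("<") !== -1) {
    throw new Error("refusing selector containing '<'");
  }
  return input;
}

// Constructed sample values, e.g. what a page might read from location.hash.
const samples = ["#results", "<p>hello</p>", "#results<b>bold</b>"];

// Report how each model classifies every sample value.
function classify(values) {
  return values.map((value) => ({
    value: value,
    legacy: legacyTreatsAsHtml(value),
    fixed: fixedTreatsAsHtml(value),
  }));
}

for (const row of classify(samples)) {
  console.log(JSON.stringify(row));
}
```

The third sample is the case the scanner finding is about: it begins like an ID selector, yet the legacy model classifies it as markup.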