Google Lighthouse reports Joomla 3.8.3 using exploitable jQuery


Post by JJazz » Mon Jan 22, 2018 3:51 am

Testing of my Joomla 3.8.3 site using Google Lighthouse in Chromium reported the following:

---
Best Practices
4 Failed Audits
...
Includes front-end JavaScript libraries with known security vulnerabilities: 1 vulnerability was detected.

Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers.

Library Version    Vulnerability Count    Highest Severity
jQuery@1.12.4      1                      Medium

on a report page linked to https://snyk.io/vuln/npm:jquery?lh@1.12.4

Where jQuery is found in media/jui/js, I believe (it's the only one grep found).

However, CVE-2016-7103 reports "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0" (note 'before')

https://cve.mitre.org/cgi-bin/cvekey.cg ... ery+1.12.4

So this information is inconsistent? (It's a bit hard to read).

Is Joomla 3's jQuery 1.12.4 vulnerable?
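
An added example, not part of the original post: a small Python check that reads the version banner of each script under a directory such as media/jui/js, tells jQuery core apart from jQuery UI, and applies the "jQuery UI before 1.12.0" bound quoted above only to jQuery UI files. The banner patterns, function names and sample banners are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Banner patterns (assumed from the comment headers these libraries ship with).
# jQuery UI is tested first so it is never reported as jQuery core.
BANNERS = [
    ("jquery-ui", re.compile(r"jQuery UI\s*-?\s*v?(\d+(?:\.\d+)+)")),
    ("jquery", re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+)+)")),
]

# The only advisory in this table is the one quoted in the post:
# CVE-2016-7103, "jQuery UI before 1.12.0". An empty match list therefore
# means "nothing in this table applies", not "no known issues".
ADVISORIES = {"jquery-ui": [("CVE-2016-7103", (1, 12, 0))]}


def identify(head):
    """Return (library, version tuple) from a file's leading banner, or None."""
    for name, pattern in BANNERS:
        m = pattern.search(head)
        if m:
            parts = [int(p) for p in m.group(1).split(".")]
            # Pad to three components so "1.12" compares equal to "1.12.0".
            return name, tuple(parts + [0] * (3 - len(parts)))
    return None


def matching_advisories(library, version):
    """Advisory ids whose 'before X' bound covers this library and version."""
    return [cve for cve, fixed in ADVISORIES.get(library, []) if version < fixed]


def scan(directory):
    """Map each .js file under directory to (library, version, advisories)."""
    results = {}
    for path in sorted(Path(directory).rglob("*.js")):
        found = identify(path.read_text(errors="replace")[:512])
        if found:
            key = str(path.relative_to(directory))
            results[key] = (*found, matching_advisories(*found))
    return results


# Constructed sample banners, not copied from any site.
SAMPLE_CORE = "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */"
SAMPLE_UI = "/*! jQuery UI - v1.11.4 - constructed sample */"

if __name__ == "__main__":
    for banner in (SAMPLE_CORE, SAMPLE_UI):
        lib, ver = identify(banner)
        print(lib, ".".join(map(str, ver)), matching_advisories(lib, ver))
```

Calling `scan("media/jui/js")` from the site root lists each recognised file with its library, version and any matching advisory from the table.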
