The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jquery: Cross-site scripting (XSS) via HTML tags containing whitespaces (CVE-2020-7656) In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11022) In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources – even after sanitizing it – to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11023) Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is…Read More
RHEL 7 : jquery (Unpatched Vulnerability)
