Hi,
We're running Nagios 2024 R1.
Our enterprise security team has requested that we shut down our Nagios instance
because it contains a vulnerable version of the jQuery UI at v1.12.1.
Vulnerability scan results recommend that this be upgraded to at least
jQuery UI version 1.13.2.
Here are the cited vulnerabilities associated with jQuery UI.
Is there a way for us to upgrade jQuery UI used by Nagiosxi, or
are there mitigation steps we can take against the cited vulnerabilities, or
are the vulnerabilities false positives and not applicable to the jQuery UI
version used by Nagiosxi?
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2022-31160
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41184
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41183
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41182
Nagios xi jquery security issues
Re: Nagios xi jquery security issues
Hi @scheung, thanks for reaching out.
It looks like this is an oversight on our part - thanks for letting us know. I've filed an issue to get this plugin updated in a future maintenance release.
-Sebastian
Developer @ Nagios 2017-05-15 thru 2024-08-06