PCI upgrade to JQuery 3.0: can you help me understand how to do this on my site.

  • Profile Image
    jennamonkey
    Asked on February 11, 2019 at 07:14 PM

    Hello, to be able to pass my PCI on my website , it says I need to upgrade to jQuery to version 3.0.0?


    please can you help me understand how to do this on my site:

    https://www.minnietheclownparties.co.uk/book-a-party-payment-details.html

     It says:

    jQuery is vulnerable to Cross-site Scripting (XSS) attacks because the Query() function does not differentiate selectors from HTML in a reliable way. In vulnerable versions, jQuery determines if the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility to build a malicious payload.


    This finding indicates that either the root domain url, sub-domain url, or an imported/sourced version of jQuery is below jQuery version 1.9.0. All three scenarios allow an attacker to execute cross site scripting attacks on the root domain.


    For details about which pages jQuery has been detected on, as well as detected jQuery script source paths, please refer to the evidence presented in the jQuery Script Detection finding (vulncode 30005875).


    thanks

  • Profile Image
    BDAVID
    Answered on February 11, 2019 at 10:02 PM

    If you need to update your jQuery libraries, you need to ask your webmaster, or website provider.

    If you have any questions related to your jotform, please let us know what you need on this thread.