jQuery vulnerability in nxlog-manager-5.5.5398

#1 sgiliyal 1 year ago

Greetings!

I have a vulnerability in jQuery to be addressed in the nxlog manager v5 (5.5.5398).

This is related to XSS vulnerabilities from the version of jQuery installed (1.8.3, 1.9.2 ui) .

Will upgrading Manager to 5.6.5633 resolve the issue and update jQuery to 3.5.0+ ?

If not, please can you provide steps to update jQuery manually?

Thanks! Shyam (on behalf of Shashidhar Ghiliyal)

Permalink

#2 NenadMDeactivated Nxlog ✓ 1 year ago

#1 sgiliyal

Greetings! I have a vulnerability in jQuery to be addressed in the nxlog manager v5 (5.5.5398). This is related to XSS vulnerabilities from the version of jQuery installed (1.8.3, 1.9.2 ui) . Will upgrading Manager to 5.6.5633 resolve the issue and update jQuery to 3.5.0+ ? If not, please can you provide steps to update jQuery manually? Thanks! Shyam (on behalf of Shashidhar Ghiliyal)

Hello

NXLog Manager v5.6 still has this jQuery version. It is set to be fixed with the Manager version 6. This vulnerability should not be displayed in case you decide to use https with NXLog Manager. Please try disabling the 9090 port and leave 9443 only, then repeat the vulnerability scan.

Also, please register on the NXLog Customer Portal page: https://nxlog.co/user/register and ask your colleague Shashidhar Ghiliyal to confirm your status via regular Support tickets. This is the NXLog Community Edition forum.

Best regards