www.Vodmochka.com; Apache 2.4.25; PHP 5.6.30;
I am running ZC version 1.5.0 since it came out originally.
I use First Data and PayPal.
Once a month Trustwave runs the vulnerability test.
Until now all the problems that come out I could fix by myself or with the help of my Webhost, Stormwire.com.
Right now they told me they cannot fix the problem, because I am on a shared server.
Please let me know what my options are to fix this problem.
Here is the failed vulnerability Report:
"Port: tcp/80
jQuery is vulnerable to Cross-site Scripting (XSS) attacks when a cross-
domain Asynchronous JavaScript and Extensible Markup Language
(AJAX) Request is performed without the dataType option, causing
text/javascript responses to be executed.
This finding indicates that either the root domain url, sub-domain url, or
an imported/sourced version of jQuery is below jQuery version 3.0. All
three scenarios allow an attacker to execute cross site scripting attacks
on the root domain.
For details about which pages jQuery has been detected on, as well as
detected jQuery script source paths, please refer to the evidence
presented in the jQuery Script Detection finding (vulncode 30005875).
This finding is based on version information which may not have been
updated by previously installed patches (e.g., Red Hat "back ports").
Please submit a "Patched Service" dispute in TrustKeeper if this
vulnerability has already been patched.
All Cross-Site Scripting vulnerabilities are considered non-compliant by
PCI.
CVE: CVE-2015-9251
NVD: CVE-2015-9251
CVSSv2: AV:N/AC:M/Au:N/C:N/I
/A:N
Service: http
Application: apache:http_server
Reference:
https://github.com/jquery/jquery/issues/2432
https://snyk.io/vuln/npm:jquery:20150627
Evidence:
Match: '1.12.0' is less than '3.0.0'
Remediation:
Upgrade jQuery to version 3.0.0 or higher. This includes versions of
jQuery used on the root domain, subdomain, or imported/sourced
libraries.
For details about which pages jQuery has been detected on, as well as
detected jQuery script source paths, please refer to the evidence
presented in the jQuery Script Detection finding (vulncode 30005875)."
I appreciate any help I can get.
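
The evidence line in the report above is a plain version comparison ('1.12.0' is less than '3.0.0'). As an added example (not part of the original post, and not the scanner's own code), this Node.js script applies the same kind of comparison to page HTML and lists the script tags that reference a jQuery older than 3.0.0. The function names, sample markup and paths are constructed for illustration.

```javascript
const FIXED = [3, 0, 0]; // first jQuery release the report's remediation accepts

// Turn "1.12.0" into [1, 12, 0]; missing parts count as 0.
function parseVersion(text) {
  const parts = text.split('.').map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

// Numeric comparison, so 1.12.0 sorts above 1.9.1 (a string compare would not).
function isBelow(version, floor) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false; // equal to the floor is not below it
}

// Find <script src> values that name jQuery with a version in the path,
// e.g. jquery-1.12.0.min.js or /jquery/1.12.0/jquery.min.js.
// Files named without a version (plain jquery.min.js) are not matched here;
// for those, read the "jQuery vX.Y.Z" banner at the top of the file itself.
function findOldJquery(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const versionRe = /jquery(?:\.min)?[-\/.@]v?(\d+\.\d+(?:\.\d+)?)/i;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const v = versionRe.exec(m[1]);
    if (v && isBelow(v[1], FIXED)) findings.push({ src: m[1], version: v[1] });
  }
  return findings;
}

// Constructed sample page: one old jQuery, one current jQuery, one jQuery UI.
const sampleHtml = `
<script src="/js/jquery-1.12.0.min.js"></script>
<script src="https://cdn.example/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="/js/jquery-ui-1.11.4.min.js"></script>`;

console.log(findOldJquery(sampleHtml));
```

Saving the rendered HTML of each storefront page and passing it to `findOldJquery` shows which template or plugin still loads the old library, so that file can be replaced rather than anything on the shared server itself.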