XSS vulns in web wallet 2.1.6-2.alpha.atlantisNightly+31102018 #26

DaftSyk · 2021-05-02T19:19:20Z

According to retire.js:

`

bootstrap	4.1.3	Found in https://wallet.dero.io/static/deps/bootstrap.min.js _____Vulnerability info:medium28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-83311	medium	28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331	1
medium	28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331	1
jquery	3.2.1	Found in https://wallet.dero.io/static/deps/jquery-3.2.1.js _____Vulnerability info:mediumCVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution123mediumCVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS1mediumCVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS1	medium	CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution	123
medium	CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution	123
medium	CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS	1
medium	CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS	1

`

Provide feedback