We received a notification from our security team about a jQuery XSS vulnerability.
Can you tell us if Autosys/WCC/EEM are impacted by this?
If so, we will need to address this issue.
"A high priority Cross-Site Scripting vulnerability was recently addressed in the newly released jQuery 3.5.0:
"...jQuery used a regex in its jQuery.htmlPrefilter method to ensure that all closing tags were XHTML-compliant when passed to methods. For example, this prefilter ensured that a call like jQuery("<div class='hot' />") is actually converted to jQuery("<div class='hot'></div>"). Recently, an issue was reported that demonstrated the regex could introduce a cross-site scripting (XSS) vulnerability."
Release : 11.3.6
Component : WORKLOAD CONTROL CENTER
For WCC the issue is addressed in r12.
For AE (AutoSys) and EEM (Embedded Entitlements Manager) they do not use jquery so there is no impact.