Version 12.2.5 we have a vulnerability, we need help to resolve this issue.
URL : https://automic.domain.domainname.com.tr/VAADIN/widgetsets/UC4WebUIWidgetset/jquery-1.7.1.min.js
Installed version : 1.7.1
Fixed version : 3.5.0
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
The AWI 12.2.5 comes with jQuery version 1.7.1
The AWI 12.3.2 and 12.3.3 comes with jQuery version 3.3.1.
Release : 12.2
Component : AUTOMIC WEB INTERFACE
There are no functional issues. It is a vulnerability identified with JQUERY. This has been fixed in jQuery 3.5.0.
The engineering team has accepted this as a bug. This will be fixed in a future release.
Customers are invited to register into the Support Portal to get information about products/features and new fixes will be referenced accordingly.