
Jasper Vulnerable javascript library: jQuery 1.11.0

Article ID: 215032
Updated On:

CA Service Desk Manager CA Service Management - Service Desk Manager

Scan result:

Vulnerable JavaScript library: jQuery
version: 1.11.0
script uri:
CVE-2015-9251: jQuery versions on or above 1.4.0 and below 1.12.0 (as well as 1.12.3 and above but below 3.0.0-beta1) are vulnerable to XSS via third-party text/javascript responses (a third-party CORS request may execute).
Solution: jQuery version 1.12.0 has been released to address the issue. NOTE: the fix was reverted in 1.12.2, so versions 1.12.3 and above but below 3.0.0-beta1 are vulnerable as well. Please refer to the vendor documentation for the latest security updates.

In jQuery versions on or above 1.8.0 and below 1.12.0, $.parseHTML has (lots of) XSS: in these versions parseHTML() executes scripts in event handlers. Please refer to the referenced resource for more details.

CVE-2019-11358: jQuery versions below 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandle jQuery.extend(true, {}, ...) because of Object.prototype pollution. An unsanitized source object containing an enumerable __proto__ property could extend the native Object.prototype. Please refer to the referenced resources for more details.
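The prototype-pollution finding above comes down to how a deep merge walks an untrusted source object. As an added example (not jQuery's code, nor part of this article), the plain-JavaScript deep merge below shows the mitigation: it skips __proto__, constructor and prototype keys while merging and then checks that Object.prototype stayed clean; the function names and the sample JSON are constructed for the illustration.

```javascript
// Added example (not jQuery's or CA's code): a deep merge in the spirit of
// jQuery.extend(true, target, source) that refuses to descend into keys that
// reach the prototype chain, so an untrusted source object carrying an own
// "__proto__" property cannot add members to Object.prototype.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === null || proto === Object.prototype;
}

function safeDeepExtend(target, source) {
  for (const key of Object.keys(source)) {
    // JSON.parse('{"__proto__": {...}}') creates an *own* property named
    // __proto__, which is what the CVE-2019-11358 pattern relies on;
    // skipping such keys (instead of copying them) is the mitigation.
    if (UNSAFE_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      const existing = target[key];
      target[key] = safeDeepExtend(isPlainObject(existing) ? existing : {}, src);
    } else if (Array.isArray(src)) {
      target[key] = safeDeepExtend(Array.isArray(target[key]) ? target[key] : [], src);
    } else if (src !== undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Merge an untrusted JSON document (e.g. a user-supplied settings blob) into a
// fresh object and report whether Object.prototype picked up any of the keys
// the document tried to smuggle in through an own "__proto__" property.
function mergeUntrustedConfig(jsonText) {
  const untrusted = JSON.parse(jsonText);
  const merged = safeDeepExtend({}, untrusted);
  const smuggledObj = Object.prototype.hasOwnProperty.call(untrusted, "__proto__")
    ? untrusted.__proto__ // own property shadows the Object.prototype accessor
    : null;
  const smuggled = smuggledObj && typeof smuggledObj === "object" ? Object.keys(smuggledObj) : [];
  const probe = {}; // a clean object only sees keys that live on Object.prototype
  return { merged, prototypePolluted: smuggled.some((k) => k in probe) };
}

// Constructed sample input for the demonstration.
const SAMPLE = '{"theme": "dark", "__proto__": {"isAdmin": true}}';
```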

jQuery versions below 3.5.0 used a regex in the jQuery.htmlPrefilter method. This regex, which is used to ensure that all tags are XHTML-compliant, could introduce a Cross-site Scripting (XSS) vulnerability. Please refer to the vendor documentation for the security fix details.

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. Please refer to the vendor documentation and the CVE-2020-11022 entry for details.
Found on the following pages (only first 10 pages are reported):


JasperReports Server r7.1.1


JasperReports Server r7.1.1 is going to reach End of Service (EOS) soon.

Consider upgrading it to a newer version and re-running the scan.

Newer versions use an updated version of the jQuery library.