Problem: The remote web server is affected by multiple cross site scripting vulnerability.
Internal Pen testing found Older versions of JQuery being used that has multiple cross site scripting vulnerability.
Recommendation: is to Upgrade to JQuery version 3.5.0 or later.
Release : 14.3 CP2
Component : Virtual Appliance
Identity Portal has required defense mechanism implemented to handle Cross Site Scripting attacks when a cross-domain Ajax request is performed, also it's frontend API doesn't allow to extend the native Object.prototype source object as well as doesn't allow to execute jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) to carry out the execution of untrusted code. Identity Portal is not vulnerable for the vulnerability issues mentioned as part of CVE-2015-9251, CVE-2019-11358 and CVE-2020-11022 due to the lower version of AngularJS and JQuery.
If there's any XSS attack or Object.prototype source object pollution is noticed then please share the specific use case details and we would handle that on an urgent basis.