BSI Vulnerabilities - CVE-2020-11023 & CVE-2020-11022

Article ID: 273182


Products

CA Business Service Insight

Issue/Introduction

According to the version in the script, the version of jQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities.

Environment

Release: BSI 8.35

Resolution

BSI is not a fully jQuery-based application; there is very minimal usage of it in the application. We are using multiple versions of jQuery: 1.4.2, 1.7.1 and 1.11.0.

We didn't use any of the DOM manipulation methods mentioned in the CVEs (CVE-2020-11023 & CVE-2020-11022), and the CVEs are not exploitable.

We did test internally as per the CVE exploitability conditions, but the application is not using any of the DOM APIs mentioned in the CVEs.

Currently we are not upgrading jQuery to 3.5.0 and above.
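
One way to check the claim above against an application's own scripts, as an added example that is not part of the original article or Broadcom's code: it tests a jQuery version against the affected range stated here and lists calls that pass an argument to jQuery's DOM manipulation methods. The function names, the sample input and the method list beyond `.html()` and `.append()` are assumptions.

```javascript
// Added example: audit sketch, not Broadcom or jQuery project code.
// Affected range as stated on this page: >= 1.2 and < 3.5.0.
function isAffectedVersion(version) {
  const [major, minor = 0] = version.split('.').map(Number);
  if (major < 1 || (major === 1 && minor < 2)) return false;
  return major < 3 || (major === 3 && minor < 5);
}

// jQuery DOM manipulation methods that accept HTML strings. The CVE text names
// .html() and .append() "and others"; the rest of this list is an assumption
// drawn from the jQuery manipulation API.
const SINKS = ['html', 'append', 'prepend', 'before', 'after', 'replaceWith',
  'appendTo', 'prependTo', 'insertBefore', 'insertAfter', 'replaceAll',
  'wrap', 'wrapAll', 'wrapInner'];
// Match ".method(" followed by a first argument character, so argument-less
// getters such as .html() are not reported.
const SINK_RE = new RegExp('\\.(' + SINKS.join('|') + ')\\s*\\(\\s*([^)\\s])', 'g');

// Returns one finding per sink call that passes an argument. A string literal
// argument is lower risk than a variable; every finding needs manual review,
// and same-named methods on non-jQuery objects will also be listed.
function findSinkCalls(source, file) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    if (/^\s*\/\//.test(line)) return; // skip comment-only lines
    for (const m of line.matchAll(SINK_RE)) {
      const literal = m[2] === '"' || m[2] === "'";
      findings.push({ file, line: i + 1, method: m[1], literal });
    }
  });
  return findings;
}

// Constructed sample input, not taken from BSI.
const SAMPLE = [
  '// $("#x").html(userInput);',
  'var t = $("#title").html();',
  '$("#msg").html(resp.text);',
  '$("#list").append("<li>static</li>");',
  '$(node).appendTo(target);',
].join('\n');

for (const f of findSinkCalls(SAMPLE, 'sample.js')) {
  console.log(`${f.file}:${f.line} .${f.method}() literal=${f.literal}`);
}
```

An empty result across the application's scripts supports the vendor's statement; any finding with `literal=false` is where the data source has to be traced by hand.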