- Type: Suggestion
- Resolution: Unresolved
- Component/s: Security
Outdated JavaScript library with known vulnerabilities

The web application loads a JavaScript widget based on a JavaScript library with publicly known cross-site scripting vulnerabilities. The file upload widget is based on jQueryUI (1.11.1). During pentests the web application could not be actively exploited. The reported jQueryUI version in use was 1.13, with no known vulnerabilities.

An attacker could exploit the known vulnerabilities to inject malicious code into the application. Although there was no active exploitation during the test, it may be possible that future changes in the application might use the vulnerability-related functions, thus enabling active exploits. We recommend checking the imported widget with regard to the known vulnerabilities and migrating to currently supported versions with no known vulnerabilities to minimize the potential attack surface of the web application and to avoid new security vulnerabilities in the case of future changes.
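
One way to carry out the recommended check of the imported widget, as an added example that is not part of the original report: it scans shipped JavaScript assets for embedded jQuery UI version headers and flags any copy older than a baseline. The asset paths and contents are constructed samples, and the baseline `1.13.0` is an assumption taken from the "1.13" named in the finding.

```javascript
// Added example: flag bundled jQuery UI copies older than a baseline version.
// Assumption: the baseline is the "1.13" named in the finding, written as 1.13.0.
const BASELINE = "1.13.0";

// Matches the build banner ("jQuery UI - v1.11.1") and the per-component
// header ("jQuery UI Widget 1.11.1") that jQuery UI files carry.
const BANNER = /jQuery UI(?: [A-Za-z]+)*? (?:- v)?(\d+\.\d+\.\d+)/g;

// Return the distinct jQuery UI versions announced inside one source file.
function findJqueryUiVersions(source) {
  const versions = new Set();
  for (const m of source.matchAll(BANNER)) versions.add(m[1]);
  return [...versions];
}

// Numeric comparison of "major.minor.patch" strings: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// assets: { path: fileContents }. Returns every embedded copy below baseline,
// including copies bundled inside a widget next to a newer top-level library.
function auditAssets(assets, baseline = BASELINE) {
  const findings = [];
  for (const [file, source] of Object.entries(assets)) {
    for (const version of findJqueryUiVersions(source)) {
      if (compareVersions(version, baseline) < 0) findings.push({ file, version });
    }
  }
  return findings;
}

// Constructed sample assets (hypothetical paths and contents).
const SAMPLE_ASSETS = {
  "static/js/jquery-ui.min.js":
    "/*! jQuery UI - v1.13.0 (constructed sample) */\n(function(){})();",
  "static/widgets/fileupload.bundle.js":
    "/*!\n * jQuery UI Widget 1.11.1\n * (constructed sample)\n */\n(function(){})();",
};

console.log(auditAssets(SAMPLE_ASSETS));
```

Run against the deployed asset directory, a result like this explains how a scanner can report the page-level library as current while a widget still carries its own older copy.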