Need help to determine the location of a jQuery finding

I have a server that HAS jquery in it - (a tomcat app); but I keep getting a result for “jQuery < 1.9.0 XSS Vulnerability”.

The app is using a much later version of Jquery, and I’ve verified that jquery 1.7.x does not exist anywhere in the app environment.

Any idea how I figure out why I’'m getting this result? The detection test says:

Installed version: 1.7.1
Fixed version: 1.9.0
path / port: /appname/js/jquery/jquery-1.7.1.min.js

But that file is simply NOT there.


this is in general no false positive as neither the scanner nor any VT is creating such links on its own and it has been found / exists / is referenced on the target system.

There might be two reasons why the referenced file doesn’t exist:

  1. The file is referenced in some HTML source code but doesn’t exist on the target anymore
  2. The path isn’t build correctly in the reporting

In both cases the output of the following detection (This is a log message so the filter of the results needs to be adjusted accordingly) could give additional pointers where / how the file is referenced (please make sure to use a recent feed version):

Name: jQuery Detection Consolidation

For case 1. the vendor of the device / app needs to be contacted and asked to remove the outdated link.

For case 2. it could be possible to improve the reporting if the output of the consolidation is provided here.

1 Like