Vulnerabilities in Open Source Libraries

The below table shows the list of rules for vulnerabilities in open source libraries that are checked by Quality Clouds.

Not all reported vulnerabilities apply to the use of Open Source JavaScript libraries in the specific context of their use in SaaS platforms, versus their use in the development of stand alone web applications.

The vulnerabilities are only available in full scans - not when running Live Checks or in update set scans.

Description	Severity	Area of impact
AngularJS - Prototype Pollution Vulnerability under 1.7.9	High	Security
AngularJS - XSS vulnerability using AngularJS under 1.6.9 with Firefox	High	Security
AngularJS - XSS vulnerability through the attribute "usemap" from 1.3.0 to 1.5.0-rc2	High	Security
AngularJS - XSS vulnerability through the attribute "usemap" from 1.0.0 to 1.2.30	High	Security
AngularJS - XSS vulnerability using AngularJS under 1.6.5 in Firefox and Safari - sanitize on inert Documents	High	Security
AngularJS - XSS vulnerability under 1.8.0 - input HTML	High	Security
AngularJS - Denial of Service attack through DOM clobbering on versions under 1.6.3	High	Security
jQuery - XSS vulnerability under 3.5.0, when using htmlPrefilter	High	Security
XSS vulnerability in Ext JS Action Column getTip	High	Security
jQuery - Prototype Pollution Vulnerability under 3.4.0	High	Security
jQuery - XSS vulnerability under 1.6.3, when using location.hash	High	Security
jQuery - XSS vulnerability under 1.9.0, when using jQuery(strInput)	High	Security
jQuery - XSS vulnerability under 3.0.0, when making cross-domain calls without the dataType option	High	Security
jQuery-ui-tooltip - XSS vulnerability under 1.10.0, title attribute	High	Security
jQuery-ui-dialog - XSS vulnerability under 1.10.0, title attribute	High	Security
jQuery-ui-dialog - XSS vulnerability under 1.10.0, closeText parameter	High	Security
moment.js - Regular Expression Denial of Service Vulnerability	High	Security