Hi Team,
I am using a licensed version of Flexmonster. I carried out a security scan at our end and found the following flaw in the JS:
Cross-Site Scripting: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
at flexmonster.js
Attack Vector: jQueryResult.load
Could you please tell me whether this vulnerability is fixed in any version, whether it is false because your code takes care of it in some way, or whether any security checks are carried out at your end to ensure this vulnerability is mitigated?
Thanks,
Parul Gautam
Hello Parul,
Thank you for the question.
We have removed jQuery dependency starting at version 2.4 (Aug 2017).
The message contains "Attack Vector: jQueryResult.load", so updating to the latest version (currently it is 2.7.2) should fix the issue.
Hope it helps.
BTW, could you please indicate your license owner's company name (we need it for our internal records)?
Thanks,
Ian