We scan our public IP quarterly to verify security settings, and we found this on a sandbox version of Acumatica used for dev/testing internally. Anyone else getting this? Is this something we can fix, or does Acumatica need to update some dependencies? Acumatica Version 2020R2 build: 20.214.0030
jQuery 3.4 fixed cross-site scripting vulnerability
04/23/19
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution.
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Cross-site scripting vulnerability in jQuery.htmlPrefilter
07/18/20
Impact:
An attacker could launch a cross-site scripting attack, potentially leading to theft of session IDs or other consequences and could create a denial of service condition.
Resolution:
Upgrade to jQuery 3.5.0 or higher. http://jquery.com/download/
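Added example, not part of the original post and not jQuery or Acumatica code: a minimal recursive merge that shows the Object.prototype pollution the scan text describes for jQuery.extend(true, {}, ...), next to a merge that skips the __proto__ key. The function names and the sample JSON are constructed for illustration.

```javascript
// Added illustration, not jQuery source. All function names are hypothetical.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}
// Flawed pattern: copies every enumerable key, including "__proto__".
function naiveDeepMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      // Reading target["__proto__"] yields Object.prototype, so the recursive
      // call writes the source's keys onto the prototype shared by all objects.
      if (!isPlainObject(target[key])) target[key] = {};
      naiveDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: own keys only, and prototype-related keys are skipped.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeDeepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge parsed JSON, report whether an unrelated {} exposes probeKey, then clean up.
function mergeAndProbe(mergeFn, json, probeKey) {
  mergeFn({}, JSON.parse(json));
  const polluted = probeKey in {};
  delete Object.prototype[probeKey];
  return polluted;
}

// Constructed sample input: JSON.parse makes "__proto__" an own enumerable key.
const SAMPLE = '{"theme":{"color":"blue"},"__proto__":{"polluted":"yes"}}';
console.log("naive merge pollutes:", mergeAndProbe(naiveDeepMerge, SAMPLE, "polluted"));
console.log("safe merge pollutes: ", mergeAndProbe(safeDeepMerge, SAMPLE, "polluted"));
```

The same probe (checking whether a fresh empty object gains an unexpected key after a merge) can be used in a regression test for any custom deep-merge helper that sits alongside the bundled jQuery.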