Version Disclosure and Outdated jQuery Vulnerability Report

Disclosed by
0xZoro1337
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Version has been updated.

Summary by 0xZoro1337

This report identifies a version disclosure and an outdated jQuery library (v1.8.2) in use on https://scijinks.gov/. This version is publicly known to have several vulnerabilities, including CVE-2012-6708 (Prototype Pollution), CVE-2015-9251 (XSS in ajax()), and CVE-2016-7103 (DOM-based XSS).

While the finding was rated informational due to a lack of direct exploitation, it demonstrates the importance of managing third-party dependencies and reducing attack surfaces exposed by outdated components.

The submission aims to raise awareness and promote best practices in frontend security hygiene.
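
A defender-side check for the kind of finding reported above, as an added example that is not part of the original report or of NASA's code: it scans static asset contents and filenames for a stated jQuery version and flags anything below a policy minimum. `MIN_JQUERY`, the function names and the sample assets are assumptions constructed for illustration.

```javascript
// Added example. MIN_JQUERY is an assumed site policy value, not from the report.
const MIN_JQUERY = "3.5.0";

// Common places where a jQuery build states its own version.
const CONTENT_SOURCES = [
  ["banner", /\/\*!?\s*jQuery v(\d+\.\d+(?:\.\d+)?)/],               // minified banner
  ["header", /jQuery JavaScript Library v(\d+\.\d+(?:\.\d+)?)/],      // unminified header
  ["property", /\bjquery\s*:\s*["'](\d+\.\d+(?:\.\d+)?)["']/],        // fn.jquery literal
];
const FILENAME = /jquery[-.](\d+\.\d+(?:\.\d+)?)(?:\.min)?\.js$/i;

// Numeric compare of dotted versions: returns -1, 0 or 1 (so 1.8.2 < 1.10.0).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Inspect one asset. A version found in the content overrides the filename,
// because a file can be renamed without its contents changing.
function auditAsset(path, content, minVersion = MIN_JQUERY) {
  const disclosedBy = [];
  let version = null;
  const fm = FILENAME.exec(path);
  if (fm) { version = fm[1]; disclosedBy.push("filename"); }
  for (const [name, re] of CONTENT_SOURCES) {
    const m = re.exec(content);
    if (m) { version = m[1]; disclosedBy.push(name); }
  }
  if (version === null) return null; // no jQuery version stated in this asset
  const outdated = compareVersions(version, minVersion) < 0;
  return { path, version, disclosedBy, outdated };
}

function auditAssets(assets, minVersion = MIN_JQUERY) {
  return Object.entries(assets)
    .map(([path, content]) => auditAsset(path, content, minVersion))
    .filter(Boolean);
}

// Constructed sample input (not real site content).
const SAMPLE_ASSETS = {
  "js/jquery.min.js": "/*! jQuery v1.8.2 jquery.com | jquery.org/license */\n(function(a,b){/*...*/})",
  "vendor/jquery-3.7.1.min.js": "/*! jQuery v3.7.1 | (c) OpenJS Foundation | jquery.org/license */",
  "js/app.js": "console.log('hi');",
};
console.log(auditAssets(SAMPLE_ASSETS));
```

Run over a build's output directory in CI, a non-empty list of `outdated` entries can fail the pipeline before the asset is published.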
