On the webserver is installed JQuery 2.2.1
Viewing the NASL (/var/lib/openvas/plugins/2018/jquery/gb_jquery_xss_vuln2.nasl), I noticed that the variable “version” return a value “.2.2.1” (it starts with a dot) instead of “2.2.1”.
Could it be the problem?
Thanks for your report. The Detection-VT for jQuery has received various updates one day ago which are not published in the feed yet. Please try to do a re-scan once the following VT has reached the feed in r13969:
In this VT you will also find various information how the jQuery lib was detected and where the version was extracted from. If there is a version “.2.2.1” registered in this output it would be great if you could share the output of this VT.
In your GSA web interface you can go to SecInfo -> NVTs, put the mentioned OID from above into the search field and check the “Version” column to see which Revision of this VT is currently available on your installation / in the feed.
The output of the mentioned Detection-VT should look like e.g. below. I guess the jquery lib on your deployment is using something like jquery.3.3.1.min.js and not the common naming format like jquery-3.3.1.min.js. The current used regex to extract the version might be not sufficient for this format.
The output of the mentioned Detection-VT should look like e.g. below. I guess the jquery lib on your deployment is using something like jquery.3.3.1.min.js and not the common naming format like jquery-3.3.1.min.js . The current used regex to extract the version might be not sufficient for this format.
Exactly, I have the /js/jquery.X.X.X.min.js (with the dot)
About the revision, actually it’s at $Revision: 12178 $, I think I have to wait a bit
The feeds are s days old
This is a quite uncommon deployment / naming scheme for the jquery lib (have only found a couple of “live” systems using this format in contrast to hundreds of thousands of the jquery-x.x.x.min.js one) and is definitely the reason for the reported issue. The VT had initially used the following regex:
jquery([0-9.-]+)?
where the dot was included when extracting the version. Nevertheless from the uncommon naming scheme the regex should catch such variants as well. The VT has been updated accordingly and the updated version r14001 should arrive the feed soon.