nessus · This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof. · JQUERY_CVE-2020-11022.NASL
History: May 28, 2020 - 12:00 a.m.

JQuery 1.2 < 3.5.0 Multiple XSS

2020-05-28 00:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2450

7.5 High

AI Score

Confidence

High

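According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities. Because the finding rests on the version string alone, it does not show whether the application actually passes untrusted HTML to jQuery's DOM-manipulation methods, which is the condition both CVEs depend on.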

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Plugin metadata. This branch runs only when `description` is set; it
# registers identifiers, references, scoring and scheduling constraints, then
# exits with status 0 so none of the detection code after the block executes.
if (description)
{
  script_id(136929);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");

  # One plugin covers both CVEs; a single finding therefore does not say which
  # of the two applies to a given jQuery build.
  script_cve_id("CVE-2020-11022", "CVE-2020-11023");
  script_xref(name:"IAVB", value:"2020-B-0030");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"JQuery 1.2 < 3.5.0 Multiple XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross site scripting
vulnerability.");
  # The description states that the result comes from the self-reported version,
  # i.e. it is a version comparison and not a confirmed script-injection test.
  script_set_attribute(attribute:"description", value:
"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater
than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios 
required for successful exploitation do not exist on devices running a PAN-OS release.");
  script_set_attribute(attribute:"see_also", value:"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/");
  script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/PAN-SA-2020-0007");
  script_set_attribute(attribute:"solution", value:
"Upgrade to JQuery version 3.5.0 or later.");
  # Scoring: the v2 vector rates integrity impact only (I:P). The v3 vector
  # requires user interaction (UI:R) and has changed scope (S:C). The
  # cvss_score_source attribute below names CVE-2020-11023 as the source.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11023");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # The patch date (2020/04/10) precedes the recorded vulnerability publication
  # date (2020/04/29).
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jquery:jquery");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: the listed detection plugins are declared as dependencies, and
  # the script requires the installed_sw/jquery key (presumably written by
  # jquery_detect.nasl; confirm against that plugin).
  script_dependencies("jquery_detect.nasl", "palo_alto_version.nbin", "cisco_wlc_version.nasl", "cisco_apic_version.nbin");
  script_require_keys("installed_sw/jquery");
  # PAN-OS and Cisco WLC hosts are excluded by KB key here, and the same two
  # keys are checked again at run time after this block. Cisco APIC has no
  # exclude key in this list; it is handled by an install lookup in the body.
  script_exclude_keys("Host/Palo_Alto/Firewall/Version", "Host/Cisco/WLC/Version");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('http.inc');
include('vcf.inc');

# Detection phase. Hosts the vendor advisories treat as not affected are
# skipped first. The jQuery version recorded for the web port is then compared
# against the affected range. No request that tries to trigger script execution
# is made here, so a finding is a lead for triage (is untrusted HTML ever handed
# to jQuery?) rather than proof of an exploitable XSS.

# Run-time repeat of the two script_exclude_keys entries in the description block.
var pan_os_version = get_kb_item('Host/Palo_Alto/Firewall/Version');
if (pan_os_version)
  exit(0, 'The remote host is PAN-OS, and therefore not affected.');

var wlc_version = get_kb_item('Host/Cisco/WLC/Version');
if (wlc_version)
  exit(0, 'The remote host is a Cisco WLC, and therefore not affected.');

var product = 'jquery';
# exit_if_zero:TRUE: the script is expected to stop here when no jQuery install
# was recorded by the detection plugin.
get_install_count(app_name:product, exit_if_zero:TRUE);
# NOTE(review): the fallback port is 8081 while the description block declares
# script_require_ports("Services/www", 80); confirm the mismatch is intended.
var www_port = get_http_port(default:8081);

# Cisco APIC is excluded per port: the script exits only when an APIC install
# is recorded on the same port that is about to be evaluated.
var apic_product = 'Cisco APIC Software';
if (get_install_count(app_name:apic_product) > 0)
{
  var apic_installs = get_installs(app_name:apic_product, port:www_port);
  # Presumably element [1] of the result holds the list of matching installs;
  # verify against the get_installs() helper.
  var apic_matches = 0;
  if (!isnull(apic_installs)) apic_matches = length(apic_installs[1]);

  if (apic_matches > 0)
  {
    exit(0, 'The remote host is a Cisco APIC, and therefore not affected.');
  }
}

var jquery_info = vcf::get_app_info(app:product, port:www_port, webapp:TRUE);
# sig_segments:3 presumably makes the check bail out when the detected version
# is less precise than three segments, so a bare "3" or "3.4" is not reported
# as affected on guesswork (confirm in vcf.inc).
vcf::check_granularity(app_info:jquery_info, sig_segments:3);

# Affected range: 1.2 <= version < 3.5.0.
# NOTE(review): public advisories for CVE-2020-11023 give 1.0.3 as the lower
# bound, so 1.0.3 - 1.1.x builds would not be reported by this range; confirm
# whether that gap is intentional.
var affected_ranges = [{'min_version':'1.2','fixed_version':'3.5.0'}];
# Reported at warning severity with the xss flag set. A vendor build that
# backports the fix without changing the version string would still match.
vcf::check_version_and_report(app_info:jquery_info, constraints:affected_ranges, severity:SECURITY_WARNING, flags:{xss:TRUE});
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| jquery | jquery | | cpe:/a:jquery:jquery |