PCI compliance is a requirement for our business and most businesses that accept credit cards. We are required to pass a quarterly scan. The Peplink Balance router is causing the scan to fail. Surely this is impacting other customers. Please update the firmware to use jQuery 3.0 or later.
vulnerable jQuery version: 1.12.4
Risk: High (3)
Threat ID: web_lib_jquery
Details: Two vulnerabilities fixed in jQuery 3.0.0
Two vulnerabilities were fixed in jQuery 3.0.0.
Second, jQuery 3.0.0-rc.1 and before 3.0.0 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names.
Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
Information From Target:
GET /MANGA/jquery.js?$Name: HTTP/1.0
/*! jQuery v1.12.4 ? © jQuery Foundation ? jquery.org/license */