Vulnerable JS-library

[mariahaider]

Hi,

Below vulnerabilities were detected from the web GUI of NIPAP.
Can these please be upgraded?
I used the Retire.js extension in Chrome to detect them.

content.js:19 Loaded script with known vulnerabilities: http://nipap-demo.spritelink.net/angular-route-1.5.3.min.js

• angularjs 1.5.3 - Info: https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html Angular 1.5.8 Ban mozilla/addons-linter#1000 (comment) http://pastebin.com/raw/kGrdaypP https://github.com/angular/angular.js/blob/master/CHANGELOG.md angular/angular.js@8f31f1f
  (anonymous) @ content.js:19

content.js:19 Loaded script with known vulnerabilities: http://nipap-demo.spritelink.net/jquery-1.9.1.min.js

• jquery 1.9.1.min - Info: Inadequate/dangerous jQuery behavior for 3rd party text/javascript responses  jquery/jquery#2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
  (anonymous) @ content.js:19

content.js:19 Loaded script with known vulnerabilities: http://nipap-demo.spritelink.net/angular-1.5.3.min.js

• angularjs 1.5.3.min - Info: https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html Angular 1.5.8 Ban mozilla/addons-linter#1000 (comment) http://pastebin.com/raw/kGrdaypP https://github.com/angular/angular.js/blob/master/CHANGELOG.md angular/angular.js@8f31f1f
  (anonymous) @ content.js:19

content.js:19 Loaded script with known vulnerabilities: http://nipap-demo.spritelink.net/jquery-ui-1.10.0.custom.min.js

• jquery-ui-dialog 1.10.0 - Info: XSS Vulnerability on closeText option of Dialog jQuery UI jquery/api.jqueryui.com#281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721
• jquery-ui-autocomplete 1.10.0 - Info:
• jquery-ui-tooltip 1.10.0 - Info:

[pamelia]

ping @garberg

[garberg]

Should be fixed in #1201.

[mariahaider]

Hi, thank you for fixing it. It seems that it is fixed in the latest version which is 0.29.7. The stable version still has the older vulnerabilities. Could you please include these updates in the stable version too?