Skip to main content
OutSystems

FALSE POSITIVE - jquery 1.8.3 flagged as a vulnerable library

Problem

Some Penetration Testing tools may flag OutSystems as having a vulnerable jquery library.

OutSystems uses jquery version 1.8.3 which has the following known vulnerability #11290 which relates to a potential Cross Site Scripting vulnerability in jquery's selector operator ( $ ).

Resolution

While the jquery version we ship with OutSystems is based  on 1.8.3, it does contain some changes made by OutSystems. In particular, as of OutSystems version 9.1.401.0 the fix was backported and the $ operator should no longer be vulnerable to this attack.