Skip to main content

FALSE POSITIVE - jquery 1.8.3 flagged as a vulnerable library


Some Penetration Testing tools may flag OutSystems as having a vulnerable jquery library.

OutSystems uses jquery version 1.8.3 which has the following known vulnerability #11290 which relates to a potential Cross Site Scripting vulnerability in jquery's selector operator ( $ ).


While the jquery version we ship with OutSystems is based  on 1.8.3, it does contain some changes made by OutSystems. In particular, as of OutSystems version 9.1.401.0 the fix was backported and the $ operator should no longer be vulnerable to this attack.