Dear visitor, despite all the challenges, our team continues operating at full speed.

We are ready to help with any questions you may have. Please fill out this quick form and we'll get back to you.

Fill the form
Get Free Trial

Security issues

gautam asked on April 5, 2019

Hi Team,
I am using a licensed version of flexmonster. I carried out security scan at our end. And found out the following flaw in the js:
Cross-Site Scripting: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
at flexmonster.js
Attack Vector: jQueryResult.load
Could you please tell if this vulnerability is fixed in any version or this vulnerability is false as your code takes care of it by any way or Are there any security checks carried out at your end to ensure this vulnerability is mitigated.
Parul Gautam

1 answer

Ian Sadovy Flexmonster April 5, 2019

Hello Parul,
Thank you for the question.
We have removed jQuery dependency starting at version 2.4 (Aug 2017).
The message contains Attack Vector: jQueryResult.load so updating to the latest version (currently it is 2.7.2) should fix the issue.
Hope it helps.
BTW, could you please indicate your license owner’s company name (we need it for our internal records)?

Please login or Register to Submit Answer