Hi Jacques,

I think the dependency is related to the bootstrap-select plugin.
https://github.com/apache/ofbiz-site/network/alert/js/plugins/bootstrap-select/package.json/jquery/open

We might not be affected, though I will have a deeper look into it soon.

Thanks and regards,
Aditya Sharma

On Wed, Sep 2, 2020 at 10:53 PM Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:

> Hi,
>
> I received an alert from GitHub Advisory <https://github.com/advisories>
> about OFBiz site and [CVE-2017-16011] "Cross-Site Scripting in jQuery"
>
> Could someone test if updating to jQuery 1.9 would work?
>
> I could then, or anyone ready for that, upgrade the OFBiz site to use
> jQuery 1.9
>
> Thanks
>
> Jacques