# Vulnerabilities

## 1. SQL query in request parameter

* Does not need to be addressed.
* Even if a user tries to run a direct SQL query through a request parameter, they will see only the data they are authorized to see under Khoros-managed permissions.

## 2. Javascript dependencies

1. jQuery
2. jQuery-ui
3. jQuery-ui-dialog

## jQuery usage and components to be impacted on update

| Component | Usages count |
|-----------|--------------|
| AppsGallery.CardsMessageList.ftl | 12 |
| CookBookGallery.CardsMessageList.ftl | 12 |
| CookBookGallery.PostPage.Form.ftl | 106 |
| Custom.CardsMessageList.ftl | 9 |
| Custom.SocialButtons.Script.ftl | 5 |
| Custom.Topic.Header.Mbas.ftl | 3 |
| Custom.Topic.Header.ftl | 3 |
| Gallery.CardsMessageList.ftl | 14 |
| Gallery.PostPage.Form.ftl | 102 |
| Gallery.Topic.Header.ftl | 8 |
| Gallery.TopicViewer.ftl | 36 |
| Gallery.require_login.ftl | 3 |
| KidsGallery.CardsMessageList.ftl | 12 |
| KidsGallery.PostPage.Form.ftl | 111 |
| KidsGallery.Topic.Header.ftl | 3 |
| KidsGallery.VideoViewer.ftl | 9 |
| MbasGallery.CardsMessageList.ftl | 33 |
| MbasGallery.PostPage.Form.ftl | 98 |
| PBI_TopIdeas.ftl | 7 |
| PCFGallery.CardsMessageList.ftl | 12 |
| PCFGallery.PostPage.Form.ftl | 112 |
| PUG_AnnouncementPanelHeader.ftl | 2 |
| PUG_ClaimBadge.ftl | 8 |
| PowerPointGallery.CardsMessageList.ftl | 9 |
| PowerPointGallery.PostPage.Form.ftl | 101 |
| PowerPointGallery.Topic.Header.ftl | 9 |
| Showcase.Form.js.ftl | 90 |
| Showcase.MenuBar.Heading.ftl | 2 |
| Showcase.Topic.ReportViewer.ftl | 8 |
| ThemesGallery.PostPage.Form.ftl | 95 |
| VideoGallery.CardsMessageList.ftl | 12 |
| VideoGallery.PostPage.Form.ftl | 98 |
| VideoGallery.Topic.Header.ftl | 3 |
| VideoGallery.VideoViewer.ftl | 19 |
| WebinarGallery.CardsMessageList.ftl | 9 |
| WebinarGallery.PostPage.Form.ftl | 91 |
| WebinarGallery.Topic.Header.ftl | 3 |
| WebinarGallery.Viewer.ftl | 7 |
| add_hidden_div.ftl | 40 |
| community.widget.admin-links@override.ftl | 2 |
| crossCommunity_adminPage.ftl | 1 |
| crossCommunity_source_identifier.ftl | 10 |
| cross_community.ftl | 133 |
| cross_syndication_icon.ftl | 18 |
| crosscommunity_metrics.ftl | 7 |
| custom-appcache-check-gh-infinitescroll.ftl | 55 |
| custom-events-infinitescroll.ftl | 40 |
| custom-events-list.ftl | 6 |
| custom-grouphub-form.ftl | 225 |
| custom-idea-discussion-enhancer.ftl | 6 |
| custom-idea-page-enhancer.ftl | 21 |
| custom.UG-request-handler.ftl | 14 |
| custom.cookie_banner.ftl | 13 |
| custom.cookie_banner_new.ftl | 7 |
| custom.create-event-button.ftl | 1 |
| custom.create-event-form.ftl | 1 |
| custom.event-avatar.ftl | 8 |
| custom.event-host.ftl | 3 |
| custom.event-info-details.ftl | 85 |
| custom.event-info-location-fields.ftl | 5 |
| custom.event-registered-members.ftl | 16 |
| custom.event-resources.ftl | 1 |
| custom.events-breadcrumb.ftl | 40 |
| custom.events-you-might-like.ftl | 2 |
| custom.form-field.category.ftl | 23 |
| custom.form-field.msg_end_date.ftl | 5 |
| custom.form-field.msg_end_datetime.ftl | 5 |
| custom.grouphub-avatar.ftl | 38 |
| custom.grouphub-breadcrumb.ftl | 42 |
| custom.grouphub-discussions.ftl | 9 |
| custom.grouphub-infinitescroll.ftl | 55 |
| custom.grouphub-landing-tab-view.ftl | 16 |
| custom.grouphub-leaders.ftl | 1 |
| custom.grouphub-list-angular.ftl | 18 |
| custom.grouphub-list.ftl | 6 |
| custom.grouphub-locationWidget.ftl | 1 |
| custom.grouphub-management.ftl | 1 |
| custom.grouphub-members-tab.ftl | 2 |
| custom.grouphub-members.ftl | 15 |
| custom.grouphub-occasion-discussions.ftl | 7 |
| custom.grouphub-post-edit-form.ftl | 4 |
| custom.grouphub-post-form-fields.ftl | 87 |
| custom.grouphub-privatemessage.ftl | 8 |
| custom.grouphub-resources.ftl | 1 |
| custom.grouphub-share-button.ftl | 56 |
| custom.grouphub-upcoming-event.ftl | 3 |
| custom.grouphub-you-might-like.ftl | 1 |
| custom.grouphubs-landing-breadcrumbs.ftl | 42 |
| custom.hosted-events.ftl | 1 |
| custom.past-events.ftl | 1 |
| custom.pp-landing-page-tiles.ftl | 5 |
| custom.responsive-tabs-handler.ftl | 38 |
| custom.start-a-discussion.ftl | 4 |
| custom.ug-first-run-loader.ftl | 1 |
| custom.ug-metrics-details.ftl | 12 |
| custom.widget.announcement-carousal.ftl | 3 |
| events-form-js-empty-label.ftl | 7 |
| events-form-js.ftl | 46 |
| external.widget.add-this@override.ftl | 5 |
| external.widget.share-button@override.ftl | 5 |
| lib-dialog-css-js.ftl | 6 |
| mbas-list.ftl | 36 |
| mbas-post.ftl | 124 |
| mbas-topic.ftl | 1 |
| mbas-video-viewer.ftl | 12 |
| ng-infinite-scroll-lib-KhorosAngular.ftl | 2 |
| ng-infinite-scroll-lib.ftl | 2 |
| share-button@override.ftl | 5 |
| side-tabs-iframe.ftl | 9 |
| side-tabs.ftl | 12 |
| tab-buttons.ftl | 12 |
| test.custom.form-field.msg_start_datetime.ftl | 2 |
| testtest.ftl | 4 |
| testtest2.ftl | 4 |

## 3. TLS Renegotiation and Denial of Service Attacks

* The vulnerability concerns the SSL handshake on the server side.
* We do not handle any networking on our side.
* Created a Khoros support case for server-side input.
* Tracked in ADO 18206.