-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Highest
-
Affects Version/s: 3.4.0
-
AMRIT Sprint 48, AMRIT Sprint 49
-
Platform
-
UAT
The application is currently using one or more third-party components or libraries that have known security vulnerabilities. These vulnerabilities could allow attackers to exploit flaws in outdated dependencies, leading to remote code execution, privilege escalation, data breaches, or denial of service.
| Vulnerability Name | Vulnerable Point, Port or Parameter | CVE/CWE | CVSS Score | Overall Risk (Severity) |
Mapping with OWASP Testing Checklist | Observation / Description | Impact | Recommendation | Reference | Steps to reproduce |
| Using Components With Known Vulnerabilities | https://uatamrit.piramalswasthya.org/1097/ https://uatamrit.piramalswasthya.org/104/ |
CWE-1104 | 6.1 | Medium | OWASP Configuration and Deploy Management Testing | Using outdated Bootstrap exposes the application to various known client-side vulnerabilities, such as XSS through insecure modal, tooltip, or markup handling, and potentially exploitable CSS or JS behaviors. | Attackers may leverage these vulnerabilities to execute malicious scripts, deface the UI, or escalate attacks via other components dependent on Bootstrap. Outdated libraries are often publicly indexed with proof-of-concept exploits, making unpatched components an easy target for mass attacks. |
Upgrade Bootstrap to the latest secure version and verify the update is reflected in all UI components. Regularly use dependency scanners like Retire.js to detect and mitigate risks from outdated JavaScript/CSS libraries in your pipeline. |
https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/ | Step : During the security assessment, the Retire.js tool was used to Scan JavaScript libraries on the target URL. The scan revealed that the application was using an outdated version of Bootstrap, which is known to contain security vulnerabilities addressed in newer releases. |
