We received a report: a page on our web site is being blocked by Avast. The page is htxps://webstore.maplesoft.com/payment.aspx. Note that in order to see that, someone would first need to add a product to the shopping cart (go to htxps://webstore.maplesoft.com) and go through the check-out process until you reach the page that asks for payment. This is the page that is being blocked.
Is this an incorrect flag within your system, or is there actually something on our site that needs to be corrected?
Thank you very much for any information you can provide.
-webstore.maplesoft.com
IIS, headers - 8.5 Not vulnerable
ASP.Net, headers - 4.0.30319 Not vulnerable
Microsoft IIS, headers - 8.5 Not vulnerable
jQuery, script Not vulnerable
jQuery UI, script - 1.11.4 Not vulnerable
2017 Vulners.com
22% tracking on website page and 44% ads.
Retirable code: Retire.js
jquery-ui-dialog 1.11.4 Found in -https://code.jquery.com/ui/1.11.4/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option
jquery 1.10.2 Found in -https://code.jquery.com/jquery-1.10.2.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Wait for a final verdict from the Avast team to hear whether this could be a false positive,
as they are the only ones that can come and unblock,
as we here are just volunteers with specific relevant expertise, but not Avast team members.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)