Announcement

Collapse
No announcement yet.

Vbulletin 5 & Jquery

Collapse
X
Collapse
First Prev Next Last
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Vbulletin 5 & Jquery

    What version of Jquery does vbulletin 5 currently use? jquery-2.1.4?



    #2
    Yes vB 5.3.1 uses jQuery 2.1.4.

    You can change it in AdminCP under "Server Settings and Optimization Options" and use a different version but you have to test all the pages to make sure nothing is broken.
    Helpful? Donate. Thanks!
    Buy me a coffeePayPal QR Code
    Fast VPS Host for vBulletin:
    A2 Hosting & IONOS

    Comment


      #3
      A user of my forum sayd there is an exploit for jQuery 2.1.4.
      Are you aware of this? And what version do u use on this forum?

      And do you use the following option?
      Use Remote jQuery
      jQuery script files are hosted locally on your server, you may however have them served from Google, jQuery, or Microsoft servers, saving you some bandwidth and potentially decreasing load times.

      Comment


        #4
        I'm not aware of an exploit until you mentioned it. Thanks for mentioning it. I googled it and found this:

        Because of this jquery/src/ajax/script.js Line 18 in 250a199 jQuery.globalEval( text ); every text/javascript response gets executed. Even if we made a request to another service. CORS was created ...


        Is that what you were referring to?

        I don't think vB5 is directly affected as the exploit only occurs when you call $.get('http://othersite.com/blah.js') without specifying dataType and that external script returns malicious code.

        vB5 doesn't call external scripts via AJAX at all by default. But if you have a third-party mod, your site may be vulnerable to that exploit if a mod calls external scripts that way.
        Helpful? Donate. Thanks!
        Buy me a coffeePayPal QR Code
        Fast VPS Host for vBulletin:
        A2 Hosting & IONOS

        Comment


          #5
          They said they fixed the exploit in jQuery 3.x but I don't think that version is compatible with vB5. There are many breaking changes introduced in 3.x where jQuery methods that work in 2.x no longer work in 3.x.
          Helpful? Donate. Thanks!
          Buy me a coffeePayPal QR Code
          Fast VPS Host for vBulletin:
          A2 Hosting & IONOS

          Comment


            #6
            Btw, did you report this exploit to vB, 420? This might force them to upgrade jQuery to 3.x sooner rather than later.
            Helpful? Donate. Thanks!
            Buy me a coffeePayPal QR Code
            Fast VPS Host for vBulletin:
            A2 Hosting & IONOS

            Comment


            • 420
              420 commented
              Editing a comment
              No, because I did not investigate I will ask him for more information if it is the same.

          Users Viewing This Page

          Collapse

          There is 1 user viewing this forum topic.

          • Guest Guest

          Latest Posts

          Collapse

          Working...
          X
          Searching...Please wait.
          An unexpected error was returned: 'Your submission could not be processed because you have logged in since the previous page was loaded.

          Please push the back button and reload the previous window.'
          An unexpected error was returned: 'Your submission could not be processed because the token has expired.

          Please push the back button and reload the previous window.'
          An internal error has occurred and the module cannot be displayed.
          There are no results that meet this criteria.
          Search Result for "|||"