Yas Arghavani System Engineering Company "https://www.sys-yaas.com/", a provider of information technology services and payment by Bank Mellat, is an affiliate member of Bank Mellat Information Technology Holding and provides all banking services of this bank, which is one of the most important banks in the Islamic Republic. Iran.
Unfortunately, the company's website has two important security issues that hackers can easily steal sensitive information by stealing cookies.
Problem explanation:
This site uses jQuery 3.4.1, which is a completely outdated version of the well-known Cross-site scripting vulnerabilities such as
CVE-2020-11022 with an average risk score of 5.5 according to the CVSSv3.1 Score
And
CVE-2020-11023 has an average risk score of 4.1 according to the CVSSv3.1 Score
And allows the hacker to exploit the problem to access sensitive information and cookies
And it is necessary to immediately update to the latest version 3.6.0 to solve the "vulnerable" security problem of jQuery
Bootstrap 4.3.1 This site also needs to be updated
"Update to the latest version 4.6.1 to fix the" vulnerable "security issue immediately"