seanmarpo/DevAudit.out

## DevAudit.out
PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample> devaudit.exe nuget .
 _____                 _______            __  __  __
|     \ .-----..--.--.|   _   |.--.--..--|  ||__||  |_
|  --  ||  -__||  |  ||       ||  |  ||  _  ||  ||   _|
|_____/ |_____| \___/ |___|___||_____||_____||__||____|


v2.0.3.52
21:46:21<01> [AUDIT] [STATUS] Scanning NuGet packages.
Scanning NuGet packages...
21:46:21<01> [AUDIT] [SUCCESS] Scanned 33 NuGet packages.
Searching OSS Index for vulnerabilities for 33 packages...
21:46:22<05> [AUDIT] [SUCCESS] Found 13 vulnerabilities for 33 package(s) on OSS Index in 1184 ms.
21:46:22<05> [AUDIT] [INFO] Evaluated 13 vulnerabilities with 3 matches to package version in 103 ms.

Package Source Audit Results
============================
3 total vulnerabilities found in NuGet package source audit. Total time for audit: 1365 ms.

[1/6] jQuery [VULNERABLE]  7 known vulnerabilities,  2 affecting installed package version(s): [2.2.3]
--[1/2] [Duplicate] Cross Site Scripting (XSS)
  --Description: See https://ossindex.net/resource/vulnerability/8399962417

Requests to third-party resources with a text/javascript response type are automatically evaluated, which can result in
the execution of arbitrary code.
  --Affected versions: >1.12.3 <3.0.0-beta1
--[2/2] Cross Site Scripting (XSS) in parseHTML
  --Description: > Scripts passed in event attributes are executed in parseHTML immediately, without any possibility for
 the user to intervene
>
> -- [github.com](https://github.com/jquery/jquery/pull/1505)
  --Affected versions: <3.0.0

[2/6] bootstrap.less [VULNERABLE]  2 known vulnerabilities,  1 affecting installed package version(s): [3.3.6]
--[1/1] Cross Site Scripting (XSS) in data-target attribute
  --Description: The data-target attribute is vulnerable to Cross-Site Scripting attacks when user-data is supplied to t
he data-target attribute.
  --Affected versions: <= 3.3.7

[3/6] Glimpse 1 known vulnerability, 0 affecting installed package version(s).
[4/6] Glimpse.AspNet 1 known vulnerability, 0 affecting installed package version(s).
[5/6] jQuery.Validation 1 known vulnerability, 0 affecting installed package version(s).
[6/6] Microsoft.AspNet.Mvc 1 known vulnerability, 0 affecting installed package version(s).
PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample>
	PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample> devaudit.exe nuget .
	_____ _______ __ __ __
	\| \ .-----..--.--.\| _ \|.--.--..--\| \|\|__\|\| \|_
	\| -- \|\| -__\|\| \| \|\| \|\| \| \|\| _ \|\| \|\| _\|
	\|_____/ \|_____\| \___/ \|___\|___\|\|_____\|\|_____\|\|__\|\|____\|


	v2.0.3.52
	21:46:21<01> [AUDIT] [STATUS] Scanning NuGet packages.
	Scanning NuGet packages...
	21:46:21<01> [AUDIT] [SUCCESS] Scanned 33 NuGet packages.
	Searching OSS Index for vulnerabilities for 33 packages...
	21:46:22<05> [AUDIT] [SUCCESS] Found 13 vulnerabilities for 33 package(s) on OSS Index in 1184 ms.
	21:46:22<05> [AUDIT] [INFO] Evaluated 13 vulnerabilities with 3 matches to package version in 103 ms.

	Package Source Audit Results
	============================
	3 total vulnerabilities found in NuGet package source audit. Total time for audit: 1365 ms.

	[1/6] jQuery [VULNERABLE] 7 known vulnerabilities, 2 affecting installed package version(s): [2.2.3]
	--[1/2] [Duplicate] Cross Site Scripting (XSS)
	--Description: See https://ossindex.net/resource/vulnerability/8399962417

	Requests to third-party resources with a text/javascript response type are automatically evaluated, which can result in
	the execution of arbitrary code.
	--Affected versions: >1.12.3 <3.0.0-beta1
	--[2/2] Cross Site Scripting (XSS) in parseHTML
	--Description: > Scripts passed in event attributes are executed in parseHTML immediately, without any possibility for
	the user to intervene
	>
	> -- [github.com](https://github.com/jquery/jquery/pull/1505)
	--Affected versions: <3.0.0

	[2/6] bootstrap.less [VULNERABLE] 2 known vulnerabilities, 1 affecting installed package version(s): [3.3.6]
	--[1/1] Cross Site Scripting (XSS) in data-target attribute
	--Description: The data-target attribute is vulnerable to Cross-Site Scripting attacks when user-data is supplied to t
	he data-target attribute.
	--Affected versions: <= 3.3.7

	[3/6] Glimpse 1 known vulnerability, 0 affecting installed package version(s).
	[4/6] Glimpse.AspNet 1 known vulnerability, 0 affecting installed package version(s).
	[5/6] jQuery.Validation 1 known vulnerability, 0 affecting installed package version(s).
	[6/6] Microsoft.AspNet.Mvc 1 known vulnerability, 0 affecting installed package version(s).
	PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample>