Below vulnerability reported on VAPT.
Plugin Name - JQuery 1.2 < 3.5.0 Multiple XSS
CVE-Combined - CVE-2020-11022,CVE-2020-11023
Synopsis - The remote web server is affected by multiple cross site scripting vulnerability.
Description -
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.
Solution - Upgrade to JQuery version 3.5.0 or later.
See also -
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://security.paloaltonetworks.com/PAN-SA-2020-0007
Plugin Output---
URL : http://x.x.x.x/third_party/jquery/jquery-1.10.1.min.js
Installed version : 1.10.1
Fixed version : 3.5.0
Wondering if above vulnerability is applicable for Product Model - MS425-16 & firmware 12.28, anyone please help on this. Also share if any other document available which describes more about this vulnerability in Meraki platform.