ubuntu 18.04. ispconfig 3.1.13 multiserver. we have a client who is trying to get PCI Compliance. he takes card payments using paypal, the checkout process redirects the user to paypals own site to take payments, no card details are stored on our server. due to this, I believe he is already PCI Compliant. he has been told however that he will be blocked from taking card payments unless his website is tested as fully PCI compliant. to this end, a security firm has been running compliance tests against one of our servers, and have come with a few issues on which it fails. (phpmyadmin version less than 4.8.3 etc. their ip getting blocked during port scanning etc. mostly easy fixes.) apart from one. our server fails pci compliance due to the jquery version. the full failure details are: JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS PCI COMPLIANCE STATUS PCI Severity Level: MED FAIL VULNERABILITY DETAILS CVSS Base Score: 4.3 ID 12707722 Category: CGI abuses: XSS CVE ID: CVE-2015-9251 THREAT: The remove web server is affected by a cross site scripting vulnerability. IMPACT: According to the self-reported version in the script, the version of JQuery hosted on the remote web server is 1.x prior to 1.12.0 or 2.x prior to 2.2.0. It is, therefore, affected by a cross site scripting vulnerability when using location.host to select elements. SOLUTION: Upgrade to JQuery version 1.12.0 or later. RESULT: URL: https://********:8080/js/jquery.min.js Installed version : 2.1.3 Fixed version : 2.2.0 so my question are how easy is it to change the jquery that ispconfig uses? what problems will it cause? and, assuming it won't cause massive problems, exactly how would i change it? would be nice to get the server verified as PCI compliant anyway, and if i can get it done, i can create an article on what changes had to be made after following the perfect server tutorials to achieve compliance, as i'm sure i'm not the only one who'd want that.