CVE-2020-11022

Published: 29/04/2020 Updated: 31/05/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected Products

Vendor Product Versions
Jquery Jquery 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.3, 1.3.0, 1.3.1, 1.3.2, 1.4, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5, 1.5.0, 1.5.1, 1.5.2, 1.6, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.11.2, 3.0.0, 3.0.5, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1

Vendor Advisories

Synopsis: Moderate: OpenShift Container Platform 311 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 311219 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this up ...
Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting. For the oldstable distribution (stretch), these problems have been fixed in version 752-2+deb9u10. We recommend that you upgrade your drupal7 packages. For the detailed security status of ...

Github Repositories

snyk-js-jquery-565129 snyk-js-jquery-567880 cve-2020-11022 cve-2020-11023 cve snyk