Potential XSS vulnerability in jQuery
CVE-2020-11022

6.9MEDIUM

Key Information:

Vendor

Jquery

Status
Jquery
Vendor
CVE Published:
29 April 2020

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 19%

What is CVE-2020-11022?

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jQuery >= 1.2, < 3.5.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-11022-CVE-2020-11023
Created by 0xAJ2K

https-nj.gov---CVE-2020-11022
Created by Snorlyd

References

https://www.debian.org/security/2020/dsa-4693
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.