exploitDog

CVE-2020-11022

Published: 23 Apr. 2020
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser.

Report

No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | | |
| Red Hat Enterprise Linux 6 | ipa | Out of support scope | | |
| Red Hat Enterprise Linux 6 | pcp | Out of support scope | | |
| Red Hat Enterprise Linux 6 | pcs | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-coverage | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-weberror | Out of support scope | | |
| Red Hat Enterprise Linux 7 | cockpit | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ipsilon | Out of support scope | | |
| Red Hat Enterprise Linux 7 | pcp | Not affected | | |
| Red Hat Enterprise Linux 7 | pcs | Not affected | | |

Additional information

Status: Moderate
Weakness: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1828406 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

EPSS: 0.04682 (Low), percentile: 89%

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.9
ubuntu
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
nvd
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS3: 6.9
debian
about 5 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...

CVSS3: 6.9
github
about 5 years ago

Potential XSS vulnerability in jQuery

CVSS3: 6.1
fstec
about 5 years ago

A vulnerability in the jQuery library related to failure to take measures to protect the structure of the web page, allowing an attacker to affect the integrity of protected information
