Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-23064

Опубликовано: 26 июн. 2023
Источник: redhat
CVSS3: 6.3

Описание

A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 3grafanaOut of support scope
Red Hat Certificate System 10redhat-pki:10/pki-coreNot affected
Red Hat Certificate System 10redhat-pki:10/pki-extrasNot affected
Red Hat Certificate System 10redhat-pki:10/redhat-pkiNot affected
Red Hat Certification for Red Hat Enterprise Linux 6redhat-certification-backendAffected
Red Hat Certification for Red Hat Enterprise Linux 7python-testtoolsAffected
Red Hat Certification for Red Hat Enterprise Linux 7redhat-certificationAffected
Red Hat Decision Manager 7jqueryOut of support scope
Red Hat Discovery 1discovery-server-containerAffected
Red Hat Enterprise Linux 6firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2217733jquery: Cross-site scripting

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-23064

ubuntu
больше 2 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

nvd логотип

CVE-2020-23064

nvd
больше 2 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

github логотип

GHSA-257q-pv89-v3xv

CVSS3: 6.1
github
больше 2 лет назад

Duplicate Advisory: jQuery Cross Site Scripting vulnerability

fstec логотип

BDU:2023-07697

CVSS3: 6.1
fstec
больше 5 лет назад

Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовй скриптинг

6.3 Medium

CVSS3