Описание
A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 3 | grafana | Out of support scope | ||
| Red Hat Certificate System 10 | redhat-pki:10/pki-core | Not affected | ||
| Red Hat Certificate System 10 | redhat-pki:10/pki-extras | Not affected | ||
| Red Hat Certificate System 10 | redhat-pki:10/redhat-pki | Not affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 6 | redhat-certification-backend | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-testtools | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | redhat-certification | Affected | ||
| Red Hat Decision Manager 7 | jquery | Out of support scope | ||
| Red Hat Discovery | discovery-server-container | Affected | ||
| Red Hat Enterprise Linux 6 | firefox | Not affected |
Показывать по
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовй скриптинг
6.3 Medium
CVSS3