
THREATINT
PUBLISHED

CVE-2020-11023

Potential XSS vulnerability in jQuery



Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Reserved 2020-03-30 | Published 2020-04-29 | Updated 2025-01-23 | Assigner GitHub_M


MEDIUM: 6.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N)

CISA Known Exploited Vulnerability

Date added 2025-01-23 | Due date 2025-02-13

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

jQuery >= 1.0.3, < 3.5.0: affected
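The description above says sanitized HTML can still execute once it passes through a jQuery DOM manipulation method, and the product status gives the affected range. The following is an added example for this record, not code from jQuery or from any advisory listed below. It models, as a plain string transform, the wrapping step that jQuery versions before 3.5.0 applied to markup starting with <option> before handing it to innerHTML, so you can see exactly which string the browser parsed; it adds a version gate for the affected range stated on this page; and it shows a safe way to build <option> elements from untrusted data. The payload string is constructed for illustration, and the regular expression and wrapper table are modelled on pre-3.5 jQuery behaviour rather than copied from its source.

```javascript
// Added example (not jQuery's code). The leading-tag detection below is
// modelled on the regular expression jQuery used to pick a wrapper.
const rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i;

// Wrapper table as jQuery < 3.5.0 used it (only the entries relevant here;
// the <table>-related wrappers are omitted). The <select> wrapper existed so
// that IE <= 9 would accept a bare <option> string.
const legacyWrapMap = {
  option: [1, "<select multiple='multiple'>", "</select>"],
  optgroup: [1, "<select multiple='multiple'>", "</select>"],
  _default: [0, "", ""],
};

// Returns the markup that reached innerHTML in jQuery < 3.5.0 for a given
// HTML string (the separate htmlPrefilter rewrite is not modelled here).
function legacyWrap(html) {
  const m = rtagName.exec(html);
  const tag = (m ? m[1] : "").toLowerCase();
  const wrap = legacyWrapMap[tag] || legacyWrapMap._default;
  return wrap[1] + html + wrap[2];
}

// A mutation-XSS payload of the class this CVE describes (constructed for
// the example). A sanitizer that parses it in a <body> context sees an
// <option> and a <style> element whose raw-text content only *looks* like
// tags, so it lets it through. After jQuery wraps it in <select>, the HTML
// parser's "in select" insertion mode ignores the <style> start tag, so
// </option></select> really close the wrapper and <img ... onerror> becomes
// a live element whose failed load fires the handler.
const PAYLOAD =
  "<option><style></option></select><img src=x onerror=alert(1)></style>";

// Version gate for the affected range on this page: >= 1.0.3, < 3.5.0.
function parseVersion(v) {
  const core = String(v).replace(/^v/, "").split("-")[0];
  const parts = core.split(".").map((n) => parseInt(n, 10));
  if (parts.length < 2 || parts.length > 3 || parts.some(Number.isNaN)) {
    throw new Error("unparseable jQuery version: " + v);
  }
  while (parts.length < 3) parts.push(0);
  return parts;
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedByCVE202011023(version) {
  return (
    compareVersions(version, "1.0.3") >= 0 &&
    compareVersions(version, "3.5.0") < 0
  );
}

// Safe construction of <option> elements from untrusted data: the data is
// never parsed as HTML, so there is no wrapper step and nothing for a
// sanitizer bypass to mutate. Uses only the public jQuery API (jq is the
// page's jQuery object); callable only where jQuery is loaded.
function renderOptionsSafely(jq, $select, items) {
  $select.empty();
  for (const item of items) {
    $select.append(jq("<option>").val(item.value).text(item.label));
  }
}

// Browser-only demo; skipped under Node.
if (typeof window !== "undefined" && window.jQuery) {
  const jq = window.jQuery;
  if (isAffectedByCVE202011023(jq.fn.jquery)) {
    console.warn("jQuery " + jq.fn.jquery + " is in the CVE-2020-11023 range; upgrade to >= 3.5.0");
  }
  // Unsafe on jQuery < 3.5.0 even if PAYLOAD came back from a sanitizer:
  // jq("#target").html(PAYLOAD);
  renderOptionsSafely(jq, jq("<select>").appendTo("body"), [
    { value: "1", label: "<script>not parsed</script>" },
  ]);
}
```

Run legacyWrap(PAYLOAD) to see the string the browser actually parsed; the point of the fix in 3.5.0 is that modern browsers no longer receive the <select> wrapper, so the sanitizer's parse and the browser's parse agree again. Upgrading is the remediation; the safe-construction helper is the pattern to use for untrusted data regardless of version, because passing sanitized HTML strings through .html() or .append() relies on two parsers agreeing.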

References

www.debian.org/security/2020/dsa-4693 (DSA-4693) vendor-advisory

lists.fedoraproject.org/...QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/ (FEDORA-2020-36d2db5f51) vendor-advisory

www.oracle.com/security-alerts/cpujul2020.html

jquery.com/upgrade-guide/3.5/

security.netapp.com/advisory/ntap-20200511-0006/

www.drupal.org/sa-core-2020-002

github.com/...jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

blog.jquery.com/2020/04/10/jquery-3-5-0-released

lists.opensuse.org/...ecurity-announce/2020-07/msg00067.html (openSUSE-SU-2020:1060) vendor-advisory

security.gentoo.org/glsa/202007-03 (GLSA-202007-03) vendor-advisory

lists.opensuse.org/...ecurity-announce/2020-07/msg00085.html (openSUSE-SU-2020:1106) vendor-advisory

lists.apache.org/...3688fbcc21f06ec@ ([hive-issues] 20200813 [jira] [Assigned] (HIVE-24039) update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...ec8855d60a0dd13248@ ([hive-dev] 20200813 [jira] [Created] (HIVE-24039) update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...8a151d4cb0b3b15@ ([hive-issues] 20200813 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...01667675af6721c@ ([hive-gitbox] 20200813 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...e8806b59812a8ea@ ([hive-issues] 20200902 [jira] [Work started] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...fc5a63ba7dee8c9@ ([hive-issues] 20200902 [jira] [Commented] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...6af41d4e9dbed49@ ([hive-issues] 20200902 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...5d73fc113ded8e7@ ([hive-issues] 20200902 [jira] [Comment Edited] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...e25b12baa8fc7c5@ ([hive-issues] 20200904 [jira] [Assigned] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...ad40dd428ce8f72@ ([hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...d94757878320d61@ ([hive-gitbox] 20200911 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...08e997e088e7a93@ ([hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh closed pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...0e2937ef8417fac@ ([hive-gitbox] 20200912 [GitHub] [hive] rajkrrsingh opened a new pull request #1403: Hive 24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.fedoraproject.org/...SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/ (FEDORA-2020-fbb94073a1) vendor-advisory

lists.fedoraproject.org/...AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/ (FEDORA-2020-0b32a59b54) vendor-advisory

lists.apache.org/...8a99022f15274c6@ ([hive-issues] 20200915 [jira] [Resolved] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...5ada523c3401d9@ ([hive-commits] 20200915 [hive] branch master updated: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023 (#1403)) mailing-list

lists.apache.org/...f21cac2303463b1@ ([hive-issues] 20200915 [jira] [Work logged] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...3ef951ddac4918c@ ([hive-gitbox] 20200915 [GitHub] [hive] kgyrtkirk merged pull request #1403: HIVE-24039 : Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.apache.org/...e9138d07e86ebbb@ ([hive-issues] 20200915 [jira] [Updated] (HIVE-24039) Update jquery version to mitigate CVE-2020-11023) mailing-list

lists.fedoraproject.org/...SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/ (FEDORA-2020-fe94df8c34) vendor-advisory

lists.apache.org/...01e1d75a2b0679@ ([nifi-commits] 20200930 svn commit: r1882168 - /nifi/site/trunk/security.html) mailing-list

www.oracle.com/security-alerts/cpuoct2020.html

lists.apache.org/...e679c11c609e2d@ ([flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...d3bce56b48c0ffa67@ ([flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.opensuse.org/...ecurity-announce/2020-11/msg00039.html (openSUSE-SU-2020:1888) vendor-advisory

lists.apache.org/...011ff00b8b1f48@ ([flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...a1819d311ba4f5330@ ([felix-dev] 20201208 [jira] [Created] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...5dcce374112ed6e16@ ([felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...baba981a8dbd9c9ef@ ([felix-dev] 20201208 [GitHub] [felix-dev] cziegeler merged pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...736abae0cc7625fe6@ ([felix-dev] 20201208 [GitHub] [felix-dev] abhishekgarg18 opened a new pull request #64: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...8ebd7bd750844898e@ ([felix-dev] 20201208 [jira] [Commented] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...88898c372ac807817@ ([felix-dev] 20201208 [jira] [Assigned] (FELIX-6366) 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023) mailing-list

lists.apache.org/...4a487c4ea247c@ ([felix-commits] 20201208 [felix-dev] branch master updated: FELIX-6366 1.0.3 < jQuery <3.4.0 is vulnerable to CVE-2020-11023 (#64)) mailing-list

lists.apache.org/...1f2d4871012141494@ ([felix-dev] 20201208 [jira] [Updated] (FELIX-6366) 1.0.3 < jQuery <3.5.0 is vulnerable to CVE-2020-11023) mailing-list

www.oracle.com/security-alerts/cpujan2021.html

lists.apache.org/...f6326d2956735c@ ([flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...df5d73c49a0760@ ([flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.debian.org/debian-lts-announce/2021/03/msg00033.html ([debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update) mailing-list

lists.apache.org/...059f3965b3fce2@ ([flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...f2b4eabeaae5e4@ ([flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...5f31c2e7d977ae@ ([flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

lists.apache.org/...0a2bf6e2f8d108@ ([flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

www.oracle.com/security-alerts/cpuApr2021.html

www.tenable.com/security/tns-2021-10

www.tenable.com/security/tns-2021-02

packetstormsecurity.com/...y-1.0.3-Cross-Site-Scripting.html

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuoct2021.html

lists.apache.org/...9d780dc1cc7d36@ ([flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler) mailing-list

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujul2022.html

lists.debian.org/debian-lts-announce/2023/08/msg00040.html ([debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update) mailing-list

cve.org (CVE-2020-11023)

nvd.nist.gov (CVE-2020-11023)

https://cve.threatint.com/CVE/CVE-2020-11023