Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0
allows a remote attacker to execute arbitrary code via the <options>
element.

Notes

Author	Note
mdeslaur	This is a backwards-incompatible change that breaks existing software. See the upgrade guide for more info: https://jquery.com/upgrade-guide/3.5/ This may be a dupe of CVE-2020-11023

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjquery< anyUNKNOWN
ubuntu20.04noarchjquery< anyUNKNOWN
ubuntu14.04noarchjquery< anyUNKNOWN
ubuntu16.04noarchjquery< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	jquery	< any	UNKNOWN
ubuntu	20.04	noarch	jquery	< any	UNKNOWN
ubuntu	14.04	noarch	jquery	< any	UNKNOWN
ubuntu	16.04	noarch	jquery	< any	UNKNOWN

References

blog.jquery.com/2020/04/10/jquery-3-5-0-released/

launchpad.net/bugs/cve/CVE-2020-23064

nvd.nist.gov/vuln/detail/CVE-2020-23064

security-tracker.debian.org/tracker/CVE-2020-23064

snyk.io/vuln/SNYK-JS-JQUERY-565129

www.cve.org/CVERecord?id=CVE-2020-23064

debiancve 2

cve 2

ibm 38

openvas 23

nessus 55

github 3

prion 2

redhatcve 2

osv 12

redhat 10

zdt 1

packetstorm 1

amazon 1

oraclelinux 5

alpinelinux 1

ics 2

cvelist 1

almalinux 2

ubuntucve 1

f5 1

veracode 1

rocky 2

exploitdb 1

suse 3

attackerkb 2

hp 2

githubexploit 2

debian 2

atlassian 5

fedora 6

joomla 1

checkpoint_advisories 1

drupal 1

typo3 1

gentoo 1

altlinux 1

freebsd 1

adobe 1

debiancve

CVE-2020-23064

2023-06-26 19:15:09

CVE-2020-11023

2020-04-29 21:15:00

cve

CVE-2020-23064

2023-06-26 19:15:09

CVE-2020-11023

2020-04-29 21:15:00

ibm

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)

2024-01-02 11:00:11

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability

2024-02-15 08:30:09

Security Bulletin: A vulnerability in jquery may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker obtaining sensitive information. (CVE-2020-23064)

2023-11-01 22:16:47

openvas

Huawei EulerOS: Security Advisory for doxygen (EulerOS-SA-2023-2784)

2023-09-11 00:00:00

Huawei EulerOS: Security Advisory for doxygen (EulerOS-SA-2023-2808)

2023-09-11 00:00:00

Huawei EulerOS: Security Advisory for python-sphinx (EulerOS-SA-2023-2823)

2023-09-11 00:00:00

nessus

EulerOS 2.0 SP10 : python-sphinx (EulerOS-SA-2023-2823)

2024-01-16 00:00:00

JQuery < 3.5.0 XSS

2023-10-06 00:00:00

EulerOS 2.0 SP10 : doxygen (EulerOS-SA-2023-2784)

2024-01-16 00:00:00

github

Duplicate Advisory: jQuery Cross Site Scripting vulnerability

2023-06-26 21:30:58

Potential XSS vulnerability in jQuery

2020-04-29 22:19:14

Persistent Cross-site Scripting vulnerability in PrivateBin

2022-04-12 20:45:22

prion

Cross site scripting

2023-06-26 19:15:00

Code injection

2020-04-29 21:15:00

redhatcve

CVE-2020-23064

2023-07-03 05:17:03

CVE-2020-11023

2021-06-20 07:11:02

osv

jQuery Cross Site Scripting vulnerability

2023-06-26 21:30:58

CVE-2020-23064

2023-06-26 19:15:09

Potential XSS vulnerability in jQuery

2020-04-29 22:19:14

redhat

(RHSA-2021:1846) Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

(RHSA-2021:0860) Moderate: ipa security and bug fix update

2021-03-16 10:27:14

(RHSA-2020:5412) Moderate: python-XStatic-jQuery224 security update

2020-12-15 17:29:55

zdt

jQuery 1.0.3 - Cross-Site Scripting Vulnerability

2021-04-14 00:00:00

packetstorm

jQuery 1.0.3 Cross Site Scripting

2021-04-14 00:00:00

amazon

Medium: ipa

2021-04-20 17:55:00

oraclelinux

bootstrap security update

2021-08-09 00:00:00

ipa security and bug fix update

2021-03-19 00:00:00

idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-25 00:00:00

alpinelinux

CVE-2020-11023

2020-04-29 21:15:00

ics

Sensormatic Electronics VideoEdge

2021-11-02 12:00:00

Siemens SINEMA Remote Connect Server

2024-03-14 12:00:00

cvelist

CVE-2020-11023 Potential XSS vulnerability in jQuery

2020-04-29 00:00:00

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

Low: pcs security, bug fix, and enhancement update

2021-11-09 08:21:49

ubuntucve

CVE-2020-11023

2020-04-29 00:00:00

K66544153 : jQuery vulnerability CVE-2020-11023

2020-08-03 00:00:00

veracode

Cross-Site Scripting (XSS)

2020-04-30 02:21:22

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

pcs security, bug fix, and enhancement update

2021-11-09 08:21:49

exploitdb

jQuery 1.0.3 - Cross-Site Scripting (XSS)

2021-04-14 00:00:00

suse

Security update for otrs (moderate)

2020-11-10 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-25 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-28 00:00:00

attackerkb

CVE-2020-11022

2020-04-29 00:00:00

CVE-2020-11023

2020-04-29 00:00:00

Certain HP Printers and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

githubexploit

Exploit for Cross-site Scripting in Jquery

2021-10-16 01:10:33

Exploit for Cross-site Scripting in Jquery

2020-04-14 19:12:01

debian

[SECURITY] [DLA 2608-1] jquery security update

2021-03-26 01:32:42

[SECURITY] [DSA 4693-1] drupal7 security update

2020-05-26 21:08:38

atlassian

jquery 2.2.4 XSS vulnerability

2022-08-24 14:53:45

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

fedora

[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32

2020-06-16 01:32:24

[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33

2020-09-25 17:15:48

[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32

2020-07-23 01:06:59

joomla

[20200604] - Core - XSS in jQuery.htmlPrefilter

2020-04-10 00:00:00

checkpoint_advisories

jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)

2020-11-16 00:00:00

drupal

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

2020-05-20 00:00:00

typo3

Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)

2020-07-29 00:00:00

gentoo

Cacti: Multiple vulnerabilities

2020-07-26 00:00:00

altlinux

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

2020-10-21 00:00:00

freebsd

Cacti -- multiple vulnerabilities

2020-07-15 00:00:00

adobe

APSB19-38 Security update available for Adobe Experience Manager

2019-07-09 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.0004 Low

EPSS

Percentile

14.8%

JSON

Related for UB:CVE-2020-23064