The remote web server is affected by multiple cross-site scripting vulnerabilities because it hosts a jQuery version greater than or equal to 1.2 and prior to 3.5.0. The solution is to upgrade to jQuery version 3.5.0 or later.
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | [20200604] - Core - XSS in jQuery.htmlPrefilter | 10 Apr 2020 00:00 | – | joomla |
![]() | Debian DLA-2608-1 : jquery security update | 26 Mar 2021 00:00 | – | nessus |
![]() | openSUSE Security Update : otrs (openSUSE-2020-1888) | 12 Nov 2020 00:00 | – | nessus |
![]() | Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19) | 1 Sep 2022 00:00 | – | nessus |
![]() | Drupal 7.0.x < 7.70 / 7.0.x < 7.70 / 8.7.x < 8.7.14 / 8.8.x < 8.8.6 Multiple Vulnerabilities (drupal-2020-05-20) | 21 May 2020 00:00 | – | nessus |
![]() | Nessus Network Monitor < 5.13.0 Multiple Vulnerabilities (TNS-2021-02) | 12 Mar 2021 00:00 | – | nessus |
![]() | Oracle Linux 7 : jquery-ui (ELSA-2022-9177) | 1 Mar 2022 00:00 | – | nessus |
![]() | Atlassian Jira 8.0.x < 8.15.0 (JRASERVER-72052) | 6 Jul 2022 00:00 | – | nessus |
![]() | Fedora 32 : drupal8 (2020-36d2db5f51) | 17 Jun 2020 00:00 | – | nessus |
![]() | Oracle WebCenter Portal (October 2024 CPU) | 17 Oct 2024 00:00 | – | nessus |
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Plugin registration block. When the `description` flag is set, the script only
# declares its metadata (IDs, references, scoring, scheduling requirements) and
# then leaves through the exit(0) at the end of the block, so none of the
# detection logic after the block runs in that pass.
if (description)
{
script_id(136929);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/01/24");
# Two CVEs are covered by the single version range that this plugin checks.
script_cve_id("CVE-2020-11022", "CVE-2020-11023");
script_xref(name:"IAVB", value:"2020-B-0030");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
# NOTE(review): the value is presumably the CISA KEV remediation due date - confirm.
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/02/13");
script_name(english:"JQuery 1.2 < 3.5.0 Multiple XSS");
# NOTE(review): the synopsis reads "multiple ... vulnerability" (singular noun);
# the string is left exactly as published.
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross site scripting
vulnerability.");
# The description states that the finding rests on the self-reported jQuery
# version only. NOTE(review): a copy that carries a backported fix under an old
# version string would presumably still be reported - validate before remediation.
script_set_attribute(attribute:"description", value:
"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater
than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.");
script_set_attribute(attribute:"see_also", value:"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/");
script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/PAN-SA-2020-0007");
script_set_attribute(attribute:"solution", value:
"Upgrade to JQuery version 3.5.0 or later.");
# Scoring. The CVSS v3 base vector is network-reachable (AV:N), requires user
# interaction (UI:R) and has changed scope (S:C) with low confidentiality and
# integrity impact. The score source attribute below names CVE-2020-11023.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11023");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/29");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/28");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:jquery:jquery");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
# ACT_GATHER_INFO: the plugin is registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2020-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling. jquery_detect.nasl is listed as a dependency and the
# installed_sw/jquery key is required. The three vendor version plugins are
# dependencies so that the exclusions can be evaluated.
script_dependencies("jquery_detect.nasl", "palo_alto_version.nbin", "cisco_wlc_version.nasl", "cisco_apic_version.nbin");
script_require_keys("installed_sw/jquery");
# Only the PAN-OS and Cisco WLC keys are excluded here. The Cisco APIC exclusion
# is not an exclude key; it is handled in the plugin body after this block.
script_exclude_keys("Host/Palo_Alto/Firewall/Version", "Host/Cisco/WLC/Version");
# NOTE(review): the required ports are Services/www and 80, while the plugin body
# calls get_http_port(default:8081) - confirm that the mismatch is intended.
script_require_ports("Services/www", 80);
exit(0);
}
include('http.inc');
include('vcf.inc');
# Vendor exclusions: a host whose knowledge base already holds a PAN-OS or
# Cisco WLC version key is audited out as not affected before any version check.
if (get_kb_item('Host/Palo_Alto/Firewall/Version'))
{
  exit(0, 'The remote host is PAN-OS, and therefore not affected.');
}

if (get_kb_item('Host/Cisco/WLC/Version'))
{
  exit(0, 'The remote host is a Cisco WLC, and therefore not affected.');
}

var target_app = 'jquery';

# Stop here when the detection plugin recorded no jQuery install at all.
get_install_count(app_name:target_app, exit_if_zero:TRUE);

# NOTE(review): the default port is 8081 although the description block
# requires "Services/www" and 80 - confirm that this is intended.
var http_port = get_http_port(default:8081);

# Cisco APIC exclusion: audit out only when an APIC install is recorded on the
# same port that is being checked for jQuery.
if (get_install_count(app_name:'Cisco APIC Software') > 0)
{
  var apic_installs = get_installs(app_name:'Cisco APIC Software', port:http_port);

  if (!isnull(apic_installs))
  {
    # Element 1 of the result is presumably the list of install records
    # (verify against the install library); a non-empty list is an APIC match.
    if (length(apic_installs[1]) > 0)
    {
      exit(0, 'The remote host is a Cisco APIC, and therefore not affected.');
    }
  }
}

# Version-only check. The detected version is self-reported by the hosted
# script, so the result reflects the version string, not patch state.
var jquery_info = vcf::get_app_info(app:target_app, port:http_port, webapp:TRUE);

# Presumably audits out when the detected version has fewer than three
# segments and so cannot be compared reliably - confirm against vcf.inc.
vcf::check_granularity(app_info:jquery_info, sig_segments:3);

# Affected range: 1.2 (inclusive) up to, but not including, 3.5.0.
var affected_ranges = [{'min_version':'1.2','fixed_version':'3.5.0'}];

# Reported at warning severity with the XSS flag set on the finding.
vcf::check_version_and_report(
  app_info:jquery_info,
  constraints:affected_ranges,
  severity:SECURITY_WARNING,
  flags:{xss:TRUE}
);