2424 matches found
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2020-11022
CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.
PT-2020-4421
Name of the Vulnerable Software and Affected Versions: jQuery versions 1.0.3 through 3.4.1. Description: The issue arises from insufficient cleaning of user-provided data when passing HTML elements to jQuery's DOM manipulation methods, such as .html and .append. This can allow an attacker to execu...
EUVD-2020-0383
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0. Recent assessments:...
CVE-2020-11023
The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...
Potential XSS vulnerability in jQuery
Impact: Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Workarounds: To work around this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option...
Potential XSS vulnerability in jQuery
Impact: Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches: This problem is patched in jQuery 3.5.0. Workarounds: To work around the issue without upgrading, adding the...
CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2020-11023 Potential XSS vulnerability in jQuery
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
jQuery <= 3.5 html() Cross Site Scripting Exploit
Exploit for jsp platform in category web applications. jquery-xss-in-html: jQuery 3.5 Cross-Site Scripting (XSS) in html. Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting (XSS) vulnerability found in jQuery’s HTML parser. The Snyk open source security...
Cross-site Scripting (XSS)
jquery is vulnerable to cross-site scripting (XSS). The vulnerability exists as the htmlPrefilter method intercepted HTML code that can cause unwanted HTML to be rendered...
jQuery html() Cross Site Scripting
jquery-xss-in-html: jQuery 3.5 Cross-Site Scripting (XSS) in html. Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting (XSS) vulnerability found in jQuery’s HTML parser. The Snyk open source security platform estimates that 84% of all websites may be...
jQuery cross-site scripting vulnerability (CNVD-2021-28726)
jQuery is an open source, cross-browser JavaScript library. The library simplifies the operation between HTML and JavaScript, and has modular, plug-in extensions and other features. A cross-site scripting vulnerability exists in jQuery version 2.2.2. The vulnerability stems from a la...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...