Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-11022HistoryApr 29, 2020 - 10:15 p.m.
CVE-2020-11022
2020-04-2922:15:00
Debian Security Bug Tracker
security-tracker.debian.org
45
0.061 Low
EPSS
Percentile
93.5%
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | jquery | < 3.3.1~dfsg-3+deb10u1 | jquery_3.3.1~dfsg-3+deb10u1_all.deb |
| Debian | 12 | all | node-jquery | < 3.5.0+dfsg-2 | node-jquery_3.5.0+dfsg-2_all.deb |
| Debian | 11 | all | node-jquery | < 3.5.0+dfsg-2 | node-jquery_3.5.0+dfsg-2_all.deb |
| Debian | 10 | all | node-jquery | <= 2.2.4+dfsg-4 | node-jquery_2.2.4+dfsg-4_all.deb |
| Debian | 999 | all | node-jquery | < 3.5.0+dfsg-2 | node-jquery_3.5.0+dfsg-2_all.deb |
| Debian | 13 | all | node-jquery | < 3.5.0+dfsg-2 | node-jquery_3.5.0+dfsg-2_all.deb |
| Debian | 11 | all | otrs2 | < 6.0.30-1 | otrs2_6.0.30-1_all.deb |
| Debian | 10 | all | otrs2 | < 6.0.16-2+deb10u1 | otrs2_6.0.16-2+deb10u1_all.deb |
Related
openvas
openvas
jQuery 1.2 < 3.5.0 XSS Vulnerability
2020-05-05 00:00:00
Tenable Nessus < 8.13.0 XSS Vulnerability (TNS-2020-10)
2023-05-17 00:00:00
Fedora: Security Advisory for drupal7 (FEDORA-2020-11be4b36d4)
2020-06-07 00:00:00
cve
cve
CVE-2020-11022
2020-04-29 22:15:00
nodejs
nodejs
Cross-Site Scripting
2020-04-30 18:19:09
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-30 01:59:55
nessus
nessus
F5 Networks BIG-IP : jQuery vulnerability (K02453220)
2023-11-02 00:00:00
Oracle JDeveloper XSS (October 2020 CPU)
2020-11-02 00:00:00
RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2217)
2020-06-01 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2020-11-02 20:55:10
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
packetstorm
packetstorm
jQuery 1.2 Cross Site Scripting
2021-04-14 00:00:00
osv
osv
CVE-2020-11022
2020-04-29 22:15:11
Use of insecure jQuery version in OctoberCMS
2020-06-05 19:37:49
BIT-drupal-2020-11022
2024-03-06 10:59:15
cvelist
cvelist
CVE-2020-11022 Potential XSS vulnerability in jQuery
2020-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2020-11022
2020-04-29 00:00:00
zdt
zdt
jQuery 1.2 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
f5
f5
K02453220 : jQuery vulnerability CVE-2020-11022
2020-08-03 00:00:00
prion
prion
Code injection
2020-04-29 22:15:00
redhat
redhat
redhatcve
redhatcve
CVE-2020-11022
2020-04-29 23:09:52
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11022).
2023-01-12 21:59:00
github
github
Use of insecure jQuery version in OctoberCMS
2020-06-05 19:37:49
Potential XSS vulnerability in jQuery
2020-04-29 22:18:55
Persistent Cross-site Scripting vulnerability in PrivateBin
2022-04-12 20:45:22
alpinelinux
alpinelinux
CVE-2020-11022
2020-04-29 22:15:00
hackerone
hackerone
Reddit: CVE-2020-11022
2022-12-20 17:19:58
exploitdb
exploitdb
jQuery 1.2 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 32 Update: drupal7-7.70-1.fc32
2020-05-31 03:31:15
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
2020-09-25 17:15:48
attackerkb
attackerkb
CVE-2020-11023
2020-04-29 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
2021-02-02 09:59:24
jquery 2.2.4 XSS vulnerability
2022-08-24 14:53:45
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
Certain HP Printers and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-25 00:00:00
Security update for cacti, cacti-spine (moderate)
2020-07-28 00:00:00
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
debian
debian
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:38
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:42
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
ics
ics
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)
2023-03-16 12:00:00
Mitsubishi Electric EcoWebServerIII
2022-02-24 12:00:00
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
freebsd
freebsd
Cacti -- multiple vulnerabilities
2020-07-15 00:00:00
adobe
adobe
APSB19-38 Security update available for Adobe Experience Manager
2019-07-09 00:00:00
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
centos
centos
ipa, python2 security update
2020-10-20 18:15:27
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
amazon
amazon
Medium: ipa
2020-10-22 17:40:00