The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are “[…] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others.”

Affected configurations

Vulners

Node

joomlajoomlaRange<3.9.19

CPENameOperatorVersion
joomla! cmslt3.9.19

CPE	Name	Operator	Version
	joomla! cms	lt	3.9.19

hp 2

fedora 6

atlassian 5

ibm 34

attackerkb 2

nessus 51

openvas 21

osv 12

suse 3

githubexploit 3

debian 2

oraclelinux 4

drupal 1

checkpoint_advisories 1

redhat 8

altlinux 1

gentoo 1

typo3 1

freebsd 1

github 4

nodejs 1

packetstorm 2

veracode 2

cve 3

prion 2

amazon 1

zdt 2

redhatcve 2

debiancve 3

alpinelinux 2

nvd 2

hackerone 1

ubuntucve 2

cvelist 2

f5 2

almalinux 2

ics 1

rocky 1

adobe 1

exploitdb 2

HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

Certain HP Printers and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

fedora

[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32

2020-06-16 01:32:24

[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33

2020-09-25 17:15:48

[SECURITY] Fedora 31 Update: cacti-1.2.13-1.fc31

2020-07-23 01:17:57

atlassian

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

jquery 2.2.4 XSS vulnerability

2022-08-24 14:53:45

ibm

Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)

2020-08-10 20:34:42

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

2020-12-03 09:54:47

Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022)

2020-08-11 19:22:50

attackerkb

CVE-2020-11023

2020-04-29 00:00:00

CVE-2020-11022

2020-04-29 00:00:00

nessus

Debian DLA-2608-1 : jquery security update

2021-03-26 00:00:00

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)

2022-09-01 00:00:00

JQuery 1.2 < 3.5.0 Multiple XSS

2020-05-28 00:00:00

openvas

openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)

2020-11-10 00:00:00

Discourse < 2.5.0.beta6 Multiple Vulnerabilities

2020-07-02 00:00:00

Drupal 7.x, 8.x jQuery XSS Vulnerabilities (SA-CORE-2020-002) - Windows

2020-06-19 00:00:00

osv

jquery - security update

2021-03-25 00:00:00

drupal7 - security update

2020-05-26 00:00:00

Persistent Cross-site Scripting vulnerability in PrivateBin

2022-04-12 20:45:22

suse

Security update for otrs (moderate)

2020-11-10 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-25 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-28 00:00:00

githubexploit

Exploit for Cross-site Scripting in Jquery

2021-10-16 01:10:33

Exploit for Cross-site Scripting in Jquery

2020-11-02 20:55:10

Exploit for Cross-site Scripting in Jquery

2020-04-14 19:12:01

debian

[SECURITY] [DSA 4693-1] drupal7 security update

2020-05-26 21:08:21

[SECURITY] [DLA 2608-1] jquery security update

2021-03-26 01:32:42

oraclelinux

jquery-ui security update

2022-03-01 00:00:00

bootstrap security update

2021-08-09 00:00:00

ipa security and bug fix update

2021-03-19 00:00:00

drupal

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

2020-05-20 00:00:00

checkpoint_advisories

jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)

2020-11-16 00:00:00

redhat

(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update

2020-10-08 06:44:00

(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update

2020-09-23 15:54:23

(RHSA-2021:1846) Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

altlinux

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

2020-10-21 00:00:00

gentoo

Cacti: Multiple vulnerabilities

2020-07-26 00:00:00

typo3

Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)

2020-07-29 00:00:00

freebsd

Cacti -- multiple vulnerabilities

2020-07-15 00:00:00

github

Persistent Cross-site Scripting vulnerability in PrivateBin

2022-04-12 20:45:22

Potential XSS vulnerability in jQuery

2020-04-29 22:19:14

Use of insecure jQuery version in OctoberCMS

2020-06-05 19:37:49

nodejs

Cross-Site Scripting

2020-04-30 18:19:09

packetstorm

jQuery 1.2 Cross Site Scripting

2021-04-14 00:00:00

jQuery 1.0.3 Cross Site Scripting

2021-04-14 00:00:00

veracode

Cross-Site Scripting (XSS)

2020-04-30 01:59:55

Cross-Site Scripting (XSS)

2020-04-30 02:21:22

cve

CVE-2020-11022

2020-04-29 22:15:11

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-23064

2023-06-26 19:15:09

prion

Code injection

2020-04-29 21:15:00

Code injection

2020-04-29 22:15:00

amazon

Medium: ipa

2021-04-20 17:55:00

zdt

jQuery 1.0.3 - Cross-Site Scripting Vulnerability

2021-04-14 00:00:00

jQuery 1.2 - Cross-Site Scripting Vulnerability

2021-04-14 00:00:00

redhatcve

CVE-2020-11023

2021-06-20 07:11:02

CVE-2020-11022

2020-04-29 23:09:52

debiancve

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-11022

2020-04-29 22:15:11

CVE-2020-23064

2023-06-26 19:15:09

alpinelinux

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-11022

2020-04-29 22:15:11

nvd

CVE-2020-11022

2020-04-29 22:15:11

CVE-2020-11023

2020-04-29 21:15:11

hackerone

Reddit: CVE-2020-11022

2022-12-20 17:19:58

ubuntucve

CVE-2020-11022

2020-04-29 00:00:00

CVE-2020-11023

2020-04-29 00:00:00

cvelist

CVE-2020-11022 Potential XSS vulnerability in jQuery

2020-04-29 00:00:00

CVE-2020-11023 Potential XSS vulnerability in jQuery

2020-04-29 00:00:00

K02453220 : jQuery vulnerability CVE-2020-11022

2020-08-03 00:00:00

K66544153 : jQuery vulnerability CVE-2020-11023

2020-08-03 00:00:00

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

Low: pcs security, bug fix, and enhancement update

2021-11-09 08:21:49

ics

Sensormatic Electronics VideoEdge

2021-11-02 12:00:00

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

adobe

APSB19-38 Security update available for Adobe Experience Manager

2019-07-09 00:00:00

exploitdb

jQuery 1.0.3 - Cross-Site Scripting (XSS)

2021-04-14 00:00:00

jQuery 1.2 - Cross-Site Scripting (XSS)

2021-04-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.061 Low

EPSS

Percentile

93.6%

JSON

Related for JOOMLA-816