In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
References
Advertisement
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
|
Configuration 16 (hide)
|
Configuration 17 (hide)
|
Information
Published : 2020-04-29 15:15
Updated : 2022-07-25 11:15
NVD link : CVE-2020-11022
Mitre link : CVE-2020-11022
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Advertisement
Products Affected
oracle
- financial_services_liquidity_risk_management
- agile_product_lifecycle_management_for_process
- siebel_ui_framework
- hospitality_simphony
- enterprise_session_border_controller
- financial_services_analytical_applications_reconciliation_framework
- financial_services_basel_regulatory_capital_internal_ratings_based_approach
- policy_automation_for_mobile_devices
- peoplesoft_enterprise_peopletools
- financial_services_profitability_management
- retail_back_office
- healthcare_foundation
- communications_application_session_controller
- retail_returns_management
- application_testing_suite
- enterprise_manager_ops_center
- hospitality_materials_control
- financial_services_liquidity_risk_measurement_and_management
- financial_services_hedge_management_and_ifrs_valuations
- financial_services_analytical_applications_infrastructure
- weblogic_server
- financial_services_loan_loss_forecasting_and_provisioning
- financial_services_asset_liability_management
- financial_services_price_creation_and_discovery
- insurance_data_foundation
- policy_automation
- blockchain_platform
- financial_services_balance_sheet_planning
- policy_automation_connector_for_siebel
- jdeveloper
- financial_services_data_governance_for_us_regulatory_reporting
- communications_diameter_signaling_router_idih\
- insurance_insbridge_rating_and_underwriting
- insurance_allocation_manager_for_enterprise_profitability
- financial_services_regulatory_reporting_for_european_banking_authority
- insurance_accounting_analyzer
- communications_webrtc_session_controller
- financial_services_institutional_performance_analytics
- financial_services_regulatory_reporting_for_us_federal_reserve
- storagetek_acsls
- retail_customer_management_and_segmentation_foundation
- financial_services_market_risk_measurement_and_management
- communications_services_gatekeeper
- financial_services_data_foundation
- communications_billing_and_revenue_management
- communications_eagle_application_processor
- banking_digital_experience
- financial_services_funds_transfer_pricing
- agile_product_supplier_collaboration_for_process
- financial_services_data_integration_hub
- financial_services_basel_regulatory_capital_basic
netapp
- h410c_firmware
- oncommand_system_manager
- h500s
- h300e_firmware
- h410s_firmware
- oncommand_insight
- snapcenter
- h700s_firmware
- h700e_firmware
- h700s
- h410c
- h300s_firmware
- h500s_firmware
- h410s
- h300e
- h700e
- h300s
- max_data
- snap_creator_framework
- h500e
- h500e_firmware
opensuse
- leap
tenable
- log_correlation_engine
fedoraproject
- fedora
debian
- debian_linux
jquery
- jquery
drupal
- drupal