CVE-2020-11023MEDIUM
Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
References
https://jquery.com/upgrade-guide/3.5/
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.drupal.org/sa-core-2020-002
https://www.debian.org/security/2020/dsa-4693
https://www.oracle.com/security-alerts/cpujul2020.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
https://security.gentoo.org/glsa/202007-03
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/[email protected]%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.felix.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.felix.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://www.tenable.com/security/tns-2021-02
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
Details
Source: MITRE
Published: 2020-04-29
Updated: 2021-05-05
Type: CWE-79
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Configuration 5
OR
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from 2.7.0 to 2.8.0 (inclusive)
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from 2.4.0 to 2.10.0 (inclusive)
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from 6.1 to 6.4 (inclusive)
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from 4.1 to 4.3 (inclusive)
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 16.2 to 16.2.11 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 17.12.0 to 17.12.7 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 18.8.0 to 18.8.9 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from 19.12.0 to 19.12.4 (inclusive)
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:* versions up to 20.12 (inclusive)
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
Configuration 6
AND
OR
OR
Configuration 7
AND
OR
OR
Configuration 8
AND
OR
OR
Configuration 9
AND
OR
OR
Configuration 10
AND
OR
OR
Configuration 11
AND
OR
OR
Configuration 12
AND
OR
OR
Configuration 13
AND
OR
OR
Configuration 14
OR
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from 3.0 to 3.1.3 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 148921 | Amazon Linux 2 : ipa (ALAS-2021-1626) | Nessus | Amazon Linux Local Security Checks | medium |
| 148918 | Oracle Primavera Unifier (Apr 2021 CPU) | Nessus | CGI abuses | medium |
| 148894 | Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | Databases | medium |
| 148146 | Debian DLA-2608-1 : jquery security update | Nessus | Debian Local Security Checks | medium |
| 147888 | Oracle Linux 7 : ipa (ELSA-2021-0860) | Nessus | Oracle Linux Local Security Checks | medium |
| 147836 | RHEL 7 : ipa (RHSA-2021:0860) | Nessus | Red Hat Local Security Checks | medium |
| 147729 | Nessus Network Monitor < 5.13.0 Multiple Vulnerabilities (TNS-2021-02) | Nessus | Misc. | medium |
| 145989 | CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847) | Nessus | CentOS Local Security Checks | medium |
| 145244 | Oracle WebCenter Sites (Jan 2021 CPU) | Nessus | Windows | medium |
| 144399 | RHEL 8 : python-XStatic-jQuery224 (RHSA-2020:5412) | Nessus | Red Hat Local Security Checks | medium |
| 142840 | openSUSE Security Update : otrs (openSUSE-2020-1888) | Nessus | SuSE Local Security Checks | medium |
| 142409 | RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:4847) | Nessus | Red Hat Local Security Checks | medium |
| 141829 | Oracle Database Server Multiple Vulnerabilities (Oct 2020 CPU) | Nessus | Databases | high |
| 140750 | RHEL 8 : Red Hat Virtualization (RHSA-2020:3807) | Nessus | Red Hat Local Security Checks | medium |
| 140557 | Fedora 31 : drupal7 (2020-fbb94073a1) | Nessus | Fedora Local Security Checks | medium |
| 140545 | Fedora 32 : drupal7 (2020-0b32a59b54) | Nessus | Fedora Local Security Checks | medium |
| 139385 | RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369) | Nessus | Red Hat Local Security Checks | medium |
| 139112 | FreeBSD : Cacti -- multiple vulnerabilities (cd2dc126-cfe4-11ea-9172-4c72b94353b5) | Nessus | FreeBSD Local Security Checks | medium |
| 138985 | openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-1060) | Nessus | SuSE Local Security Checks | medium |
| 138926 | GLSA-202007-03 : Cacti: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 138526 | Oracle Primavera Gateway (Jul 2020 CPU) | Nessus | CGI abuses | high |
| 112485 | Joomla! 2.5.x < 3.9.19 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
| 137423 | Fedora 32 : drupal8 (2020-36d2db5f51) | Nessus | Fedora Local Security Checks | medium |
| 137366 | Joomla 2.5.x < 3.9.19 Multiple Vulnerabilities (5812-joomla-3-9-19) | Nessus | CGI abuses | medium |
| 112438 | Drupal 7.x < 7.70 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
| 112437 | Drupal 8.7.x < 8.7.14 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
| 112430 | Drupal 8.8.x < 8.8.6 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
| 136932 | Debian DSA-4693-1 : drupal7 - security update | Nessus | Debian Local Security Checks | medium |
| 136929 | JQuery 1.2 < 3.5.0 Multiple XSS | Nessus | CGI abuses : XSS | medium |
| 136745 | Drupal 7.0.x < 7.70 / 7.0.x < 7.70 / 8.7.x < 8.7.14 / 8.8.x < 8.8.6 Multiple Vulnerabilities (drupal-2020-05-20) | Nessus | CGI abuses | medium |
| 112383 | jQuery 1.2.0 < 3.5.0 Cross-Site Scripting | Web Application Scanning | Component Vulnerability | medium |