Reflected cross-site scripting (XSS) In components/jquery
Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 packagist | >=1.12.0 <3.5.0 | 3.5.0 | |
 debian 14 | >=0 <3.5.0+dfsg-2 | 3.5.0+dfsg-2 | |
 rubygems | >=0 <4.4.0 | 4.4.0 | |
 maven | >=1.12.0 <3.5.0 | 3.5.0 | |
 nuget | >=1.12.0 <3.5.0 || >=1.12.0 <3.5.0 | 3.5.0, 3.5.0 | |
packagist | >=0 <1.19.0 | 1.19.0 | |
packagist | >=0 <=4.0.0 | - | |
debian 11 | =2.0.4p01-10 || =2.0.4p01-11 || =2.0.4p01-12 || =2.0.4p01-13 || =2.0.4p01-14 || =2.0.4p01-14.1 || =2.0.4p01-15 || =2.0.4p01-16 || =2.0.4p01-17 || =2.0.4p01-18 || =2.0.4p01-6 || =2.0.4p01-7 || =2.0.4p01-8 || =2.0.4p01-9 || =2.0.99beta1-1 || =2.0.99beta1-2 || =2.1.1-1 || =2.1.3-1 || =2.1.4-1 || =2.1.4-2 || =2.1.5-1 || =2.1.5-2 || =2.1.5-3 || =2.1.6-1 || =2.1.7-1 || =2.1.7-2 || =2.2.0~beta2-1 || =2.2.0~beta3-1 || =2.2.1-1 || =2.2.2-1 || =2.2.3-1 || =2.2.4-1 || =2.2.5-1 || =2.2.5-2 || =2.2.6-1 || =2.2.7-1 || =2.2.7-2 || =2.2.7-2lenny1 || =2.2.7-2lenny2 || =2.2.7-2lenny3 || =2.2.7-3 || =2.3.2-1 || =2.3.2-2 || =2.3.3-1 || =2.3.4-1 || =2.3.4-2 || =2.3.4-3 || =2.3.4-4 || =2.3.4-5 || =2.3.4-6 || =2.3.4-7 || =2.4.10+dfsg1-1 || =2.4.10+dfsg1-2 || =2.4.10+dfsg1-3 || =2.4.5-1 || =2.4.5-2 || =2.4.5-3 || =2.4.5-4 || =2.4.5-5 || =2.4.6-1 || =2.4.6-2 || =2.4.7+dfsg1-1 || =2.4.7-1 || =2.4.7-2 || =2.4.7-3 || =2.4.7-4 || =2.4.7-5 || =2.4.7-6 || =2.4.8+dfsg1-1 || =2.4.9+dfsg1-1 || =2.4.9+dfsg1-2 || =2.4.9+dfsg1-3 || =2.4.9+dfsg1-3+squeeze1 || =2.4.9+dfsg1-3+squeeze3 || =2.4.9+dfsg1-3+squeeze4 || =2.4.9+dfsg1-3+squeeze5 || =2.4.9+dfsg1-4 || =2.4.9+dfsg1-5 || =3.0.10+dfsg1-1 || =3.0.10+dfsg1-2 || =3.0.11+dfsg1-1 || =3.0.8+dfsg1-1 || =3.0.9+dfsg1-1 || =3.1.0~beta4+dfsg1-1 || =3.1.0~beta5+dfsg1-1 || =3.1.0~rc1+dfsg1-1 || =3.1.1+dfsg1-1 || =3.1.1+dfsg1-2 || =3.1.10+dfsg1-1 || =3.1.11+dfsg1-1 || =3.1.12+dfsg1-1 || =3.1.12+dfsg1-2 || =3.1.12+dfsg1-3 || =3.1.2+dfsg1-1 || =3.1.2+dfsg1-2 || =3.1.2+dfsg1-3 || =3.1.3+dfsg1-1 || =3.1.3+dfsg1-2 || =3.1.4+dfsg1-1 || =3.1.5+dfsg1-1 || =3.1.5+dfsg1-2 || =3.1.5+dfsg1-3 || =3.1.6+dfsg1-1 || =3.1.7+dfsg1-1 || =3.1.7+dfsg1-2 || =3.1.7+dfsg1-3 || =3.1.7+dfsg1-4 || =3.1.7+dfsg1-5 || =3.1.7+dfsg1-6 || =3.1.7+dfsg1-7 || =3.1.7+dfsg1-8 || =3.1.8+dfsg1-1 || =3.1.9+dfsg1-1 || =3.2.1+dfsg1-1 || =3.2.10-1 || =3.2.10-2 || =3.2.11-1 || =3.2.11-1~bpo70+1 || =3.2.12-1 || =3.2.2+dfsg1-1 || =3.2.3+dfsg1-1 || =3.2.4-1 || =3.2.5-1 || =3.2.6-1 || =3.2.6-2 || =3.2.7-1 || =3.2.7-2 || =3.2.8-1 || =3.2.9-1 || =3.2.9-2 || =3.3.1-1 || =3.3.10-1 || =3.3.11-1 || =3.3.18-1~deb7u1 || =3.3.18-1~deb7u2 || =3.3.18-1~deb7u3 || =3.3.2-1 || =3.3.3-1 || =3.3.3-2 || =3.3.3-3 || =3.3.4-1 || =3.3.5-1 || =3.3.6-1 || =3.3.7-1 || =3.3.7-2 || =3.3.8-1 || =3.3.9-1 || =3.3.9-2 || =3.3.9-3 || =3.3.9-3~bpo70+1 || =4.0.10-1 || =4.0.11-1 || =4.0.12-1 || =4.0.13-1 || =4.0.13-1~bpo8+1 || =4.0.5-1 || =4.0.5-2 || =4.0.6-1 || =4.0.7-1 || =4.0.7-2 || =4.0.8-1 || =4.0.9-1 || =5.0.1-1 || =5.0.1-2 || =5.0.10-1 || =5.0.10-1~bpo8+1 || =5.0.11-1 || =5.0.12-1 || =5.0.13-1 || =5.0.13-1~bpo8+1 || =5.0.13-2 || =5.0.14-1 || =5.0.14-1~bpo8+1 || =5.0.15-1 || =5.0.16-1 || =5.0.16-1~bpo8+1 || =5.0.17-1 || =5.0.18-1 || =5.0.19-1 || =5.0.2-1 || =5.0.20-1 || =5.0.21-1 || =5.0.21-1~bpo9+1 || =5.0.22-1 || =5.0.23-1 || =5.0.23-1~bpo9+1 || =5.0.24-1 || =5.0.24-1~bpo9+1 || =5.0.3-1 || =5.0.5-1 || =5.0.6-1 || =5.0.6-1~bpo8+1 || =5.0.7-1 || =5.0.8+dfsg1-1 || =5.0.8-1 || =5.0.8-1~bpo8+1 || =5.0.9+dfsg1-1 || =5.0.9+repack1-1 || =6.0.1-1 || =6.0.10-1 || =6.0.11-1 || =6.0.11-1~bpo9+1 || =6.0.12-1 || =6.0.12-1~bpo9+1 || =6.0.13-1 || =6.0.14-1 || =6.0.15-1 || =6.0.16-1 || =6.0.16-2 || =6.0.17-1 || =6.0.18-1 || =6.0.19-1 || =6.0.2-1 || =6.0.20-1 || =6.0.20-1~bpo10+1 || =6.0.21-1 || =6.0.22-1 || =6.0.23-1 || =6.0.23-2 || =6.0.24-1 || =6.0.24-1~bpo10+1 || =6.0.25-1 || =6.0.25-2 || =6.0.25-3 || =6.0.25-3~bpo10+1 || =6.0.26-1 || =6.0.26-1~bpo10+1 || =6.0.27-1 || =6.0.27-1~bpo10+1 || =6.0.28-1 || =6.0.28-1~bpo10+1 || =6.0.28-2 || =6.0.29-1 || =6.0.29-1~bpo10+1 || =6.0.3-1 || =6.0.30-1~bpo10+1 || =6.0.4-1 || =6.0.5-1 || =6.0.6-1 || =6.0.7-1 || =6.0.8-1 || =6.0.8-1~bpo9+1 || =6.0.9-1 || =6.0.9-1~bpo9+1 || >=0 <6.0.30-1 | 6.0.30-1 | |
packagist | >=7.0 <7.70 || >=8.7.0 <8.7.14 || >=8.8.0 <8.8.6 | 8.0.0, 8.7.14, 8.8.6 | |
packagist | >=7.0 <7.70 || >=8.7.0 <8.7.14 || >=8.8.0 <8.8.6 | 8.0.0, 8.7.14, 8.8.6 |
1-10 of 28
10
Aliases
1. CVE-2020-110222. NVD-2020-110223. OSV-2020-110224. OSV-DEBIAN-2020-110225. GHSA-gxr4-xjj5-5px26. GCVE-2020-110227. security.gentoo.org8. lists.debian.org9. lists.debian.org10. SECURITY-TRACKER-CVE-2020-1102211. GHSA-gxr4-xjj5-5px212. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml13. DB-CVE-2020-11022
References
1. https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px22. https://github.com/maximebf/php-debugbar/issues/4473. https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f774. https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc5. https://lists.fedoraproject.org/archives/list/[email protected]/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W6. https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html7. https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html8. https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html9. https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html10. https://www.debian.org/security/2020/dsa-469311. https://www.drupal.org/sa-core-2020-00212. https://www.oracle.com//security-alerts/cpujul2021.html13. https://www.oracle.com/security-alerts/cpuApr2021.html14. https://www.oracle.com/security-alerts/cpuapr2022.html15. https://www.oracle.com/security-alerts/cpujan2021.html16. https://www.oracle.com/security-alerts/cpujan2022.html17. https://www.oracle.com/security-alerts/cpujul2020.html18. https://www.oracle.com/security-alerts/cpujul2022.html19. https://www.oracle.com/security-alerts/cpuoct2020.html20. https://www.oracle.com/security-alerts/cpuoct2021.html21. https://blog.jquery.com/2020/04/10/jquery-3-5-0-released22. https://github.com/jquery/jquery/releases/tag/3.5.023. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml24. https://jquery.com/upgrade-guide/3.525. https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E26. https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E27. https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E28. https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E29. https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E30. https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E31. https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E32. https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E33. https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E34. https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E35. https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E36. https://lists.fedoraproject.org/archives/list/[email protected]/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY37. https://lists.fedoraproject.org/archives/list/[email protected]/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K38. https://lists.fedoraproject.org/archives/list/[email protected]/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD439. https://lists.fedoraproject.org/archives/list/[email protected]/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B40. http://security.netapp.com/advisory/ntap-20200511-000641. https://vulncheck.com/cve/CVE-2020-1102242. https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-1102343. https://github.com/jquery/jquery44. https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/45. https://jquery.com/upgrade-guide/3.5/
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.