Vulnerability Database

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

Software From Fixed in
jquery / jquery 1.2 3.5.0
drupal / drupal 7.0 7.70
drupal / drupal 8.7.0 8.7.14
drupal / drupal 8.8.0 8.8.6
debian / debian_linux 9.0 9.0.x
fedoraproject / fedora 31 31.x
fedoraproject / fedora 32 32.x
fedoraproject / fedora 33 33.x
oracle / weblogic_server 12.1.3.0.0 12.1.3.0.0.x
oracle / jdeveloper 11.1.1.9.0 11.1.1.9.0.x
oracle / retail_back_office 14.1 14.1.x
oracle / retail_back_office 14.0 14.0.x
oracle / peoplesoft_enterprise_peopletools 8.56 8.56.x
oracle / weblogic_server 10.3.6.0.0 10.3.6.0.0.x
oracle / communications_webrtc_session_controller 7.2 7.2.x
oracle / weblogic_server 12.2.1.3.0 12.2.1.3.0.x
oracle / agile_product_lifecycle_management_for_process 6.2.0.0 6.2.0.0.x
oracle / peoplesoft_enterprise_peopletools 8.57 8.57.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / retail_returns_management 14.0 14.0.x
oracle / retail_returns_management 14.1 14.1.x
oracle / jdeveloper 12.2.1.3.0 12.2.1.3.0.x
oracle / policy_automation_connector_for_siebel 10.4.6 10.4.6.x
oracle / financial_services_market_risk_measurement_and_management 8.0.6 8.0.6.x
oracle / hospitality_materials_control 18.1 18.1.x
oracle / banking_digital_experience 18.2 18.2.x
oracle / banking_digital_experience 18.3 18.3.x
oracle / banking_digital_experience 19.1 19.1.x
oracle / banking_digital_experience 18.1 18.1.x
oracle / weblogic_server 12.2.1.4.0 12.2.1.4.0.x
oracle / financial_services_hedge_management_and_ifrs_valuations 8.0.6 8.0.8.x
oracle / financial_services_loan_loss_forecasting_and_provisioning 8.0.6 8.0.8.x
oracle / financial_services_asset_liability_management 8.0.7 8.0.7.x
oracle / financial_services_asset_liability_management 8.0.6 8.0.6.x
oracle / financial_services_profitability_management 8.0.7 8.0.7.x
oracle / financial_services_profitability_management 8.0.6 8.0.6.x
oracle / financial_services_funds_transfer_pricing 8.0.7 8.0.7.x
oracle / financial_services_funds_transfer_pricing 8.0.6 8.0.6.x
oracle / financial_services_price_creation_and_discovery 8.0.7 8.0.7.x
oracle / peoplesoft_enterprise_peopletools 8.58 8.58.x
oracle / financial_services_liquidity_risk_management 8.0.6 8.0.6.x
oracle / financial_services_liquidity_risk_measurement_and_management 8.0.8 8.0.8.x
oracle / financial_services_liquidity_risk_measurement_and_management 8.0.7 8.0.7.x
oracle / financial_services_balance_sheet_planning 8.0.8 8.0.8.x
oracle / weblogic_server 14.1.1.0.0 14.1.1.0.0.x
oracle / financial_services_analytical_applications_infrastructure 8.0.6.0.0 8.1.0.0.0.x
oracle / retail_customer_management_and_segmentation_foundation 19.0 19.0.x
oracle / healthcare_foundation 7.2.0 7.2.0.x
oracle / healthcare_foundation 7.2.1 7.2.1.x
oracle / healthcare_foundation 7.3.0 7.3.0.x
oracle / healthcare_foundation 7.1.1 7.1.1.x
oracle / communications_billing_and_revenue_management 12.0.0.3.0 12.0.0.3.0.x
oracle / communications_billing_and_revenue_management 7.5.0.23.0 7.5.0.23.0.x
oracle / financial_services_data_governance_for_us_regulatory_reporting 8.0.6 8.0.9.x
oracle / hospitality_simphony 19.1.0 19.1.2.x
oracle / banking_digital_experience 19.2 19.2.x
oracle / financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.0.6 8.0.8.x
oracle / insurance_data_foundation 8.0.6 8.1.0.x
oracle / financial_services_price_creation_and_discovery 8.0.6 8.0.6.x
oracle / financial_services_profitability_management 8.1.0 8.1.0.x
oracle / banking_digital_experience 20.1 20.1.x
oracle / policy_automation 12.2.0 12.2.20.x
oracle / financial_services_analytical_applications_reconciliation_framework 8.0.6 8.0.8.x
oracle / financial_services_loan_loss_forecasting_and_provisioning 8.1.0 8.1.0.x
oracle / financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0 8.1.0.x
oracle / siebel_ui_framework 20.8 20.8.x
oracle / communications_application_session_controller 3.8m0 3.8m0.x
oracle / financial_services_institutional_performance_analytics 8.1.0 8.1.0.x
oracle / communications_diameter_signaling_router_idih- 8.0.0 8.2.2.x
oracle / financial_services_institutional_performance_analytics 8.0.6 8.0.6.x
oracle / financial_services_data_foundation 8.0.6 8.1.0.x
oracle / insurance_insbridge_rating_and_underwriting 5.0.0.0 5.6.0.0.x
oracle / financial_services_liquidity_risk_measurement_and_management 8.1.0 8.1.0.x
oracle / financial_services_institutional_performance_analytics 8.0.7 8.0.7.x
oracle / financial_services_basel_regulatory_capital_basic 8.1.0 8.1.0.x
oracle / financial_services_regulatory_reporting_for_us_federal_reserve 8.0.6 8.0.9.x
oracle / financial_services_regulatory_reporting_for_european_banking_authority 8.0.6 8.1.0.x
oracle / policy_automation_for_mobile_devices 12.2.0 12.2.20.x
oracle / insurance_allocation_manager_for_enterprise_profitability 8.0.8 8.0.8.x
oracle / insurance_insbridge_rating_and_underwriting 5.6.1.0 5.6.1.0.x
oracle / hospitality_simphony 18.1 18.1.x
oracle / financial_services_data_integration_hub 8.0.6 8.0.6.x
oracle / financial_services_data_integration_hub 8.1.0 8.1.0.x
oracle / insurance_accounting_analyzer 8.0.9 8.0.9.x
oracle / financial_services_basel_regulatory_capital_basic 8.0.6 8.0.8.x
oracle / financial_services_hedge_management_and_ifrs_valuations 8.1.0 8.1.0.x
oracle / financial_services_analytical_applications_reconciliation_framework 8.1.0 8.1.0.x
oracle / insurance_allocation_manager_for_enterprise_profitability 8.1.0 8.1.0.x
oracle / hospitality_simphony 18.2 18.2.x
oracle / financial_services_asset_liability_management 8.1.0 8.1.0.x
oracle / enterprise_manager_ops_center 12.4.0.0 12.4.0.0.x
oracle / enterprise_session_border_controller 8.4 8.4.x
oracle / financial_services_market_risk_measurement_and_management 8.0.8 8.0.8.x
oracle / jdeveloper 12.2.1.4.0 12.2.1.4.0.x
oracle / financial_services_funds_transfer_pricing 8.1.0 8.1.0.x
oracle / financial_services_data_integration_hub 8.0.7 8.0.7.x
oracle / communications_services_gatekeeper 7.0 7.0.x
oracle / communications_eagle_application_processor 16.1.0 16.4.0.x
oracle / blockchain_platform - 21.1.2
oracle / storagetek_acsls 8.5.1 8.5.1.x
netapp / oncommand_system_manager 3.0 3.1.3.x
opensuse / leap 15.1 15.1.x
opensuse / leap 15.2 15.2.x
tenable / log_correlation_engine - 6.0.9
oracle / agile_product_supplier_collaboration_for_process 6.2.0.0 6.2.0.0.x
oracle / financial_services_analytical_applications_infrastructure 8.0.6 8.1.0.x
oracle / hospitality_simphony 19.1.0-19.1.2 19.1.0-19.1.2.x
oracle / insurance_data_foundation 8.0.6-8.1.0 8.0.6-8.1.0.x
oracle / banking_digital_experience 18.1 20.1.x
jquery 1.2.0 3.5.0