vendor: jQuery
by: Central InfoSec
CVSS: 6.1 (MEDIUM)
CWE: 79 (Cross-Site Scripting (XSS))
Product Name: jQuery
Affected Version From: jQuery 1.2
Affected Version To: all releases before jQuery 3.5.0 (3.4.1 is the last affected release; 3.5.0 contains the fix)
Patch Exists: YES
Related CVE: CVE-2020-11022
CPE: jquery
Metasploit: N/A (no Metasploit module; the links below are Rapid7 vulnerability-database entries for the affected products and distributions)
References:
https://www.rapid7.com/db/vulnerabilities/jquery-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/oracle-weblogic-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/joomla-20200604-core-xss-in-jquery-htmlprefilter/
https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/drupal-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/redhat-openshift-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/red_hat-jboss_eap-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2020-11022/
https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2020-11022/
Other Scripts:
N/A
Platforms Tested: None
Year: 2020
jQuery 1.2 – Cross-Site Scripting (XSS)
A Cross-Site Scripting (XSS) vulnerability exists in jQuery versions greater than or equal to 1.2 and before 3.5.0. Passing HTML from an untrusted source to one of jQuery's DOM manipulation methods (.html(), .append(), .prepend(), .after() and the other methods that accept an HTML string) may execute attacker-controlled script in the victim's browser, even when the string was sanitized before it was handed to jQuery. The reason is that jQuery rewrites the string before the browser parses it: jQuery.htmlPrefilter expands self-closing tags, and buildFragment wraps fragments whose first tag needs a parent context (for example an <option>, which jQuery wraps in a <select>). Markup that is inert when parsed directly through innerHTML can therefore produce a live element once jQuery has rewritten it, so a sanitizer that validates the original string does not see what the browser actually parses. In the proof of concept below, a direct innerHTML parse leaves the <img> tag as raw text inside the <style> element; the same string passed to .html() on an affected version yields a real <img> element whose onerror handler runs.
Proof of Concept 1: <option><style></option></select><img src=x onerror=alert(1)></style>
Mitigation:
Developers should upgrade to jQuery version 3.5.0 or later, where jQuery.htmlPrefilter no longer rewrites the input. The running version can be checked at runtime with jQuery.fn.jquery. Until the upgrade is deployed, do not pass untrusted HTML to the DOM manipulation methods at all: insert untrusted data with .text() (or textContent), and treat sanitizing a string before calling .html() as insufficient on affected versions, since jQuery changes the string after the sanitizer has approved it.
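Two offline checks for this advisory, added here as an example (this is not jQuery's own code nor Central InfoSec's): a version-range check for an asset inventory covering the range given above (>= 1.2 and < 3.5.0), and a behavioural fingerprint for the mitigation section that tells a patched jQuery.htmlPrefilter (an identity function from 3.5.0 on) from the pre-3.5.0 one that expands self-closing tags. The legacy regex is reproduced from the jQuery 3.4.x source; the host list is constructed sample data, and the host names are placeholders.

```javascript
// Added example for CVE-2020-11022 (not jQuery project code). Runs under Node.js
// without jQuery; in a browser, htmlPrefilterIsLegacy(jQuery.htmlPrefilter)
// and isVulnerableJQueryVersion(jQuery.fn.jquery) can be called directly.

// --- 1. Version-range check: affected releases are >= 1.2 and < 3.5.0 -------

// Parse "1.2", "1.12.4", "3.4.1" into [major, minor, patch]; a missing patch is 0.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised jQuery version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// Numeric (not lexicographic) comparison so that 1.12.4 > 1.2.0.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerableJQueryVersion(version) {
  return compareVersions(version, "1.2.0") >= 0 &&
         compareVersions(version, "3.5.0") < 0;
}

// Constructed sample inventory (placeholder hosts, not real scan data).
const INVENTORY = [
  { host: "app1.example.test", jquery: "1.12.4" },
  { host: "app2.example.test", jquery: "3.4.1" },
  { host: "app3.example.test", jquery: "3.5.0" },
  { host: "app4.example.test", jquery: "1.1.4" },
];

function findVulnerableHosts(inventory) {
  return inventory
    .filter((entry) => isVulnerableJQueryVersion(entry.jquery))
    .map((entry) => entry.host);
}

// --- 2. Behavioural fingerprint of jQuery.htmlPrefilter ----------------------

// Regex and replacement as used by jQuery.htmlPrefilter before 3.5.0
// (reproduced from the 3.4.x source): "<div/>" becomes "<div></div>", while
// void elements listed in the lookahead (br, img, input, ...) are left alone.
const LEGACY_RXHTMLTAG =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function legacyHtmlPrefilter(html) {
  return html.replace(LEGACY_RXHTMLTAG, "<$1></$2>");
}

// What 3.5.0 and later ship: the input is returned untouched.
function patchedHtmlPrefilter(html) {
  return html;
}

// True when the supplied prefilter still rewrites self-closing tags, i.e. the
// pre-3.5.0 behaviour. Pass the page's jQuery.htmlPrefilter to test a live site.
function htmlPrefilterIsLegacy(prefilter) {
  return prefilter("<div/>") !== "<div/>";
}

console.log("vulnerable hosts:", findVulnerableHosts(INVENTORY));
console.log("legacy prefilter rewrites <div class=\"a\"/> to:",
            legacyHtmlPrefilter('<div class="a"/>'));
console.log("legacy prefilter flagged:", htmlPrefilterIsLegacy(legacyHtmlPrefilter),
            "patched prefilter flagged:", htmlPrefilterIsLegacy(patchedHtmlPrefilter));
```

The version check is the authoritative one for this advisory; the prefilter fingerprint is a second signal for sites where the version string has been stripped from the bundle, and it only covers the htmlPrefilter part of the 3.5.0 change, so a false negative is possible if a site restored the old prefilter deliberately or bundled a patched copy under an old version number.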