CVE-2020-11023
JQuery Cross-Site Scripting (XSS) Vulnerability
CVSS
—
No CVSS
EPSS
83.8%
p100
KEV
YES
Jan 23, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
JQuery / JQuery
Vulnerability
JQuery Cross-Site Scripting (XSS) Vulnerability
Added to KEV
Jan 23, 2025
Remediate by
Feb 13, 2025
Known ransomware use
No
Summary description
JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023
No related CVEs by CWE or product.