CVE-2020-11023

MEDIUMMonitor

Published:Apr 29, 2020(6 years ago)

Modified:Nov 7, 2025

Remote ExploitNo Auth RequiredScope Changes

Vulnerability Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Attack Characteristics

Network AccessHigh ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	healthcare_translational_research	-	-
oracle	healthcare_translational_research	-	-
oracle	healthcare_translational_research

Timeline

Published
CVE disclosed publicly
Apr 29, 20206 years ago
Last Modified
Most recent update
Nov 7, 20256 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

132

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067....Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085....Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039....Broken Link

CVSS Score

v3.1

6.9/ 10.0

MEDIUM

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

At a Glance

Affected Products

132

References

oracle / healthcare_translational_research

http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Sc...Exploit

https://blog.jquery.com/2020/04/10/jquery-3-5-0-releasedRelease Notes

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4...Third Party Advisory

https://jquery.com/upgrade-guide/3.5/Release Notes

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c...Issue Tracking

https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6b...Issue Tracking

https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7...Issue Tracking

https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543...Issue Tracking

https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772...Issue Tracking

https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04...Issue Tracking

https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473...Issue Tracking

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6af...Issue Tracking

https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d9...Issue Tracking

https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a...Issue Tracking

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68e...Issue Tracking

https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c...Issue Tracking

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490...Issue Tracking

https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe68...Issue Tracking

https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608...Issue Tracking

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3...Issue Tracking

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e...Issue Tracking

https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab517798...Issue Tracking

https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283ddd...Issue Tracking

https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c...Issue Tracking

https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a...Issue Tracking

https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6...Issue Tracking

https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c...Issue Tracking

https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e...Issue Tracking

https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f56041...Issue Tracking

https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf...Issue Tracking

https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b691...Issue Tracking

https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610...Issue Tracking

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5...Issue Tracking

https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99...Issue Tracking

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5...Issue Tracking

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd...Issue Tracking

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62...Issue Tracking

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830e...Issue Tracking

https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b9...Issue Tracking

https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1c...Issue Tracking

https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f81...Issue Tracking

https://lists.debian.org/debian-lts-announce/2021/03/msg00033.htmlMailing List

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlMailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists...Mailing List

https://security.gentoo.org/glsa/202007-03Third Party Advisory

https://security.netapp.com/advisory/ntap-20200511-0006/Third Party Advisory

https://www.debian.org/security/2020/dsa-4693Mailing List

https://www.drupal.org/sa-core-2020-002Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.htmlPatch

https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch

https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch

https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.htmlPatch

https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch

https://www.tenable.com/security/tns-2021-02Third Party Advisory

https://www.tenable.com/security/tns-2021-10Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067....Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085....Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039....Broken Link

http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Sc...Exploit

https://blog.jquery.com/2020/04/10/jquery-3-5-0-releasedRelease Notes

https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e102...Third Party Advisory