Back to bug 2217733
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-27 04:19:25 UTC | CC | abobrov, aileenc, alampare, alazarot, amctagga, aoconnor, apevec, asoldano, aturgema, bbaranow, bbuckingham, bcourt, bmaxwell, bniver, boliveir, brian.stansberry, cdewolf, cfu, chazlett, cluster-maint, darran.lofthouse, dhanak, dhughes, dkreling, dosoudil, drichtar, dsirrine, edewata, eglynn, ehelms, elima, emingora, erack, fjuma, flucifre, fmuellner, fzatlouk, gjospin, gmalinko, gmeno, grafana-maint, ibek, idevat, idm-ds-dev-bugs, ivassile, iweiss, janstey, jhorak, jjoyce, jkozol, jkurik, jmagne, jpavlik, jrokos, jrybar, jschluet, jscotka, jsherril, jstephen, jweng, klember, kverlaen, lbacciot, lgao, lhh, lzap, mbenjamin, mburns, mgarciac, mhackett, mharmsen, mhulan, michal.skrivanek, mlisik, mnovotny, mosmerov, mperina, mpitt, mpospisi, msochure, mstefank, msvehla, myarboro, nathans, nmoumoul, nwallace, omajid, omular, orabin, pcreech, pdelbell, pdrozd, pgrist, pjindal, pmackay, pskopek, python-maint, rchan, release-test-team, rguimara, rhcs-maint, rhos-maint, rowaters, rstancel, sbonazzo, scox, sgratch, sipoyare, slinaber, smaestri, sostapov, spoore, sthorger, stransky, tojeline, tom.jenkinson, tpopela, trodgers, tvignaud, vereddy | |
| Avinash Hanwate | 2023-06-27 04:51:53 UTC | Depends On | 2217757, 2217761, 2217748, 2217759, 2217741, 2217763, 2217743, 2217760, 2217747, 2217749, 2217745, 2217758, 2217746, 2217755, 2217751, 2217735, 2217742, 2217750, 2217753, 2217740, 2217737, 2217752, 2217736, 2217739, 2217762, 2217744, 2217756, 2217754, 2217738 | |
| Avinash Hanwate | 2023-06-27 05:04:16 UTC | Blocks | 2217774 | |
| Tomas Jelinek | 2023-06-27 07:39:48 UTC | Depends On | 1882291 | |
| Product Security DevOps Team | 2023-06-27 11:40:44 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2023-06-27 11:40:44 UTC | |||
| Jan Rybar | 2023-06-28 12:57:46 UTC | CC | jrybar | |
| Avinash Hanwate | 2023-07-03 04:57:24 UTC | Alias | TRIAGE-CVE-2020-23064 | CVE-2020-23064 |
| Summary | TRIAGE-CVE-2020-23064 jquery: Cross-site scripting | CVE-2020-23064 jquery: Cross-site scripting | ||
| Doc Text | jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the <options> element. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||
| RaTasha Tillery-Smith | 2023-07-03 12:26:30 UTC | Doc Text | jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the <options> element. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the <options> element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
Back to bug 2217733