Bug 2217733 (CVE-2020-23064) - CVE-2020-23064 jquery: Cross-site scripting
Summary: CVE-2020-23064 jquery: Cross-site scripting
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-23064
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1882291 2217735 2217736 2217737 2217738 2217739 2217740 2217741 2217742 2217743 2217744 2217745 2217746 2217747 2217748 2217749 2217750 2217751 2217752 2217753 2217754 2217755 2217756 2217757 2217758 2217759 2217760 2217761 2217762 2217763 2219573
Blocks: 2217774
TreeView+ depends on / blocked
 
Reported: 2023-06-27 04:14 UTC by Avinash Hanwate
Modified: 2025-05-14 17:51 UTC (History)
123 users (show)

Fixed In Version: jQuery 3.5.0
Clone Of:
Environment:
Last Closed: 2023-06-27 11:40:44 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:7625 0 None None None 2025-05-14 17:51:31 UTC

Description Avinash Hanwate 2023-06-27 04:14:32 UTC 
Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://snyk.io/vuln/SNYK-JS-JQUERY-565129
Comment 4 errata-xmlrpc 2025-05-14 17:51:20 UTC 
This issue has been addressed in the following products:

  Red Hat AMQ Broker 7.13.0

Via RHSA-2025:7625 https://access.redhat.com/errata/RHSA-2025:7625
Note You need to log in before you can comment on or make changes to this bug.