Bug 2217733 (CVE-2020-23064) - CVE-2020-23064 jquery: Cross-site scripting
Summary: CVE-2020-23064 jquery: Cross-site scripting
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-23064
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2217746 2217747 2217748 1882291 2217735 2217736 2217737 2217738 2217739 2217740 2217741 2217742 2217743 2217744 2217745 2217749 2217750 2217751 2217752 2217753 2217754 2217755 2217756 2217757 2217758 2217759 2217760 2217761 2217762 2217763 2219573
Blocks: 2217774
 
Reported: 2023-06-27 04:14 UTC by Avinash Hanwate
Modified: 2023-12-13 08:38 UTC

Fixed In Version: jQuery 3.5.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in jQuery: it is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input by the <options> element. A remote attacker can use a specially crafted URL to execute a script in a victim's web browser, within the security context of the hosting website, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Clone Of:
Environment:
Last Closed: 2023-06-27 11:40:44 UTC
Embargoed:



Description Avinash Hanwate 2023-06-27 04:14:32 UTC
Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://snyk.io/vuln/SNYK-JS-JQUERY-565129

