CVE-2020-11023
Potential XSS vulnerability in jQuery
In short
jQuery versions before 3.5.0 can execute malicious code when processing HTML with <option> elements from untrusted sources, even if the HTML appears sanitized. This happens through DOM manipulation methods like .html() and .append().
Technical detail
XSS vulnerability in jQuery < 3.5.0 where malicious HTML containing <option> elements bypasses sanitization when passed to DOM manipulation methods (.html(), .append(), etc.). Attack vector requires injecting crafted HTML through user input; impact is arbitrary JavaScript execution in the context of the affected web application.
Summary generated and translated by AI from the official description.
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
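The affected range in the description above (1.0.3 up to, but not including, 3.5.0) can be turned into an inventory check for pages and bundles you maintain. This is an added example, not code from this page or from the jQuery project; the function names, URL patterns and sample markup are assumptions constructed for illustration.

```javascript
// Added example: flag jQuery references inside the affected range
// quoted in the description (>= 1.0.3 and < 3.5.0).
const LOWER = [1, 0, 3]; // first affected release, from the description
const FIXED = [3, 5, 0]; // first patched release, from the description

// "3.4.1" or "1.4" -> [major, minor, patch]; anything else -> null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?$/.exec(v.trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = affected, false = not affected, null = needs manual review
// (pre-release tags such as "3.5.0-rc.1" are deliberately not guessed at).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compare(v, LOWER) >= 0 && compare(v, FIXED) < 0;
}

// Collect versions from script URLs (jquery-3.4.1.min.js, jquery/3.4.1/,
// jquery@3.4.1) and from the banner comment of an inlined build.
function findJQueryVersions(text) {
  const patterns = [
    /jquery[-.\/@](\d+\.\d+(?:\.\d+)?(?:-(?:alpha|beta|rc)(?:\.?\d+)*)?)/gi,
    /jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?)/g,
  ];
  const seen = new Set();
  for (const re of patterns) {
    for (const m of text.matchAll(re)) seen.add(m[1]);
  }
  return [...seen].map((version) => ({ version, affected: isAffected(version) }));
}

// Constructed sample markup; the jQuery UI file must not be reported.
const SAMPLE_PAGE = `
<script src="/static/js/jquery-3.4.1.min.js"></script>
<script src="https://cdn.example/ajax/libs/jquery/3.5.0/jquery.min.js"></script>
<script src="/static/js/jquery-ui-1.12.1.min.js"></script>
<script>/*! jQuery v1.12.4 | constructed banner */</script>
`;
console.log(findJQueryVersions(SAMPLE_PAGE));
```

A version string on its own only shows which release is loaded; a `null` result means the build should be checked by hand.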
Affected products
jquery · jQuery
public PoCs found — 7
github: github.com/honeyb33z/cve-2020-11023-scanner ★ 3
github: github.com/Cybernegro/CVE-2020-11023 ★ 3
github: github.com/Snorlyd/https-nj.gov---CVE-2020-11023 ★ 1
github: github.com/andreassundstrom/cve-2020-11023-demonstration ★ 0
github: github.com/towaos/towaos-lab-cve-2020-11023 ★ 0
exploitdb: www.exploit-db.com/exploits/49767 (unverified)
cve_reference: packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E