CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

2025-01-24 05:39

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

News URL

https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html

#cisa #vulnerabilities #XSS #CVE-2020-11023

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Jquery		1	0	8	1	0	9

News URL

Related news

Related Vulnerability

Related vendor