CVE-2020-11022
- Reference to the description:
- Description:
- In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
- Last updated date:
- 08/31/2023
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/30/2021
- Reference url to background
https://cybersecurityworks.com/patchwatch/july-oracle-patches-342-security-vulnerabilities.html
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/06/2022
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/12/2022
- Reference url to background
https://www.techrepublic.com/article/security-vulnerabilities-healthcare/
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/16/2020
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/20/2021
- Reference url to background
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/16/2021
- Reference url to background