CVE-2020-23064

Summary

CVE	CVE-2020-23064
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-06-26 19:15:00 UTC
Updated	2024-04-01 15:43:00 UTC
Description	Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Jquery	Jquery	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Brocade San Navigator	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Management Services For Element Software And Netapp Hci	-	All	All	All
Application	Netapp	Virtual Desktop Service	-	All	All	All

References

Reference	Source	Link	Tags
jQuery 3.5.0 Released! \| Official jQuery Blog	MISC	blog.jquery.com
Cross-site Scripting (XSS) in jquery \| Snyk	MISC	snyk.io
CVE-2020-23064 jQuery Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

673557 EulerOS Security Update for python-sphinx (EulerOS-SA-2023-2799)
673633 EulerOS Security Update for doxygen (EulerOS-SA-2023-2784)
673635 EulerOS Security Update for python-sphinx (EulerOS-SA-2023-2823)
673640 EulerOS Security Update for doxygen (EulerOS-SA-2023-2808)
730844 jQuery Prior 3.5.0 Cross-Site Scripting (XSS) Vulnerability
996717 Java (Maven) Security Update for jQuery (GHSA-257q-pv89-v3xv)