CVE-2020-11023
Known Exploited (CISA KEV)MEDIUM
6.9
CVSS Severity Score
Vulnerability Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Affected Platforms (CPE)
📦
Jquery
Jquery
>= 1.0.3 and < 3.5.0💻
Debian
Debian Linux
= 9.0💻
Fedoraproject
Fedora
= 31💻
Fedoraproject
Fedora
= 32💻
Fedoraproject
Fedora
= 33📦
Drupal
Drupal
>= 7.0 and < 7.70📦
Drupal
Drupal
>= 8.7.0 and < 8.7.14📦
Drupal
Drupal
>= 8.8.0 and < 8.8.6📦
Oracle
Application Express
< 20.2📦
Oracle
Application Testing Suite
= 13.3.0.1📦
Oracle
Banking Enterprise Collections
>= 2.7.0 and <= 2.8.0📦
Oracle
Banking Platform
>= 2.4.0 and <= 2.10.0📦
Oracle
Blockchain Platform
< 21.1.2📦
Oracle
Blockchain Platform
= 21.1.2📦
Oracle
Business Intelligence
= 5.9.0.0.0📦
Oracle
Communications Analytics
= 12.1.1📦
Oracle
Communications Eagle Application Processor
>= 16.1.0 and <= 16.4.0📦
Oracle
Communications Element Manager
= 8.1.1📦
Oracle
Communications Element Manager
= 8.2.0📦
Oracle
Communications Element Manager
= 8.2.1📦
Oracle
Communications Interactive Session Recorder
>= 6.1 and <= 6.4📦
Oracle
Communications Operations Monitor
>= 4.1 and <= 4.3📦
Oracle
Communications Operations Monitor
= 3.4📦
Oracle
Communications Services Gatekeeper
= 7.0📦
Oracle
Communications Session Report Manager
= 8.1.1📦
Oracle
Communications Session Report Manager
= 8.2.0📦
Oracle
Communications Session Report Manager
= 8.2.1📦
Oracle
Communications Session Route Manager
= 8.1.1📦
Oracle
Communications Session Route Manager
= 8.2.0📦
Oracle
Communications Session Route Manager
= 8.2.1📦
Oracle
Financial Services Regulatory Reporting For De Nederlandsche Bank
= 8.0.4📦
Oracle
Financial Services Revenue Management And Billing Analytics
= 2.7📦
Oracle
Financial Services Revenue Management And Billing Analytics
= 2.8📦
Oracle
Health Sciences Inform
= 6.3.0📦
Oracle
Healthcare Translational Research
= 3.2.1📦
Oracle
Healthcare Translational Research
= 3.3.1📦
Oracle
Healthcare Translational Research
= 3.3.2📦
Oracle
Healthcare Translational Research
= 3.4.0📦
Oracle
Hyperion Financial Reporting
= 11.1.2.4📦
Oracle
Jd Edwards Enterpriseone Orchestrator
< 9.2.5.0📦
Oracle
Jd Edwards Enterpriseone Tools
< 9.2.5.0📦
Oracle
Oss Support Tools
< 2.12.41📦
Oracle
Peoplesoft Enterprise Human Capital Management Resources
= 9.2📦
Oracle
Primavera Gateway
>= 16.2 and <= 16.2.11📦
Oracle
Primavera Gateway
>= 17.12.0 and <= 17.12.7📦
Oracle
Primavera Gateway
>= 18.8.0 and <= 18.8.9📦
Oracle
Primavera Gateway
>= 19.12.0 and <= 19.12.4📦
Oracle
Rest Data Services
= 11.2.0.4📦
Oracle
Rest Data Services
= 12.1.0.2📦
Oracle
Rest Data Services
= 12.2.0.1📦
Oracle
Rest Data Services
= 18c📦
Oracle
Rest Data Services
= 19c📦
Oracle
Siebel Mobile
<= 20.12📦
Oracle
Storagetek Acsls
= 8.5.1📦
Oracle
Storagetek Tape Analytics Sw Tool
= 2.3.1📦
Oracle
Webcenter Sites
= 12.2.1.3.0📦
Oracle
Webcenter Sites
= 12.2.1.4.0📦
Oracle
Weblogic Server
= 12.1.3.0.0📦
Oracle
Weblogic Server
= 12.2.1.3.0📦
Oracle
Weblogic Server
= 12.2.1.4.0📦
Oracle
Weblogic Server
= 14.1.1.0.0💻
Netapp
H300s Firmware
All versions💻
Netapp
H500s Firmware
All versions💻
Netapp
H700s Firmware
All versions💻
Netapp
H300e Firmware
All versions💻
Netapp
H500e Firmware
All versions💻
Netapp
H700e Firmware
All versions💻
Netapp
H410s Firmware
All versions💻
Netapp
H410c Firmware
All versions📦
Netapp
Active Iq Unified Manager
All versions📦
Netapp
Active Iq Unified Manager
All versions📦
Netapp
Active Iq Unified Manager
All versions📦
Netapp
Cloud Backup
All versions📦
Netapp
Cloud Insights Storage Workload Security Agent
All versions📦
Netapp
Hci Baseboard Management Controller
All versions📦
Netapp
Max Data
All versions📦
Netapp
Oncommand Insight
All versions📦
Netapp
Oncommand System Manager
>= 3.0 and <= 3.1.3📦
Netapp
Snap Creator Framework
All versions📦
Netapp
Snapcenter Server
All versions📦
Tenable