CVE-2020-11022
Medium
Reddit
Reported by
greymanx1
Vulnerability Details
Technical details and impact analysis
## Summary:
CVE-2020-11022 at "https://app.spiketrap.io/users/sign_in"
## Steps To Reproduce:
Cross-Site Scripting (XSS)
## Proof of Concept 1:
<option><style></option></select><img src=x onerror=alert(1)></style>
## Supporting Material/References:
https://security.snyk.io/vuln/SNYK-JS-JQUERY-567880
https://github.com/TIBCOSoftware/Augmented-Reality/issues/65
https://www.exploit-db.com/exploits/49766
https://www.cybersecurity-help.cz/vdb/SB2020042126
## Impact
Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2020-11022
MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
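The following is an added defensive example, not part of the report or of jQuery itself: it checks whether a loaded jQuery is in the affected range, probes whether its `htmlPrefilter` still rewrites self-closing tags (the behaviour removed in 3.5.0), and applies the identity-function workaround from the jQuery 3.5 upgrade guide when an upgrade is not yet possible. The `mockOldJQuery` object is constructed here so the block runs offline; its regex and replacement mirror the 3.4.x `htmlPrefilter`.

```javascript
// Added example (not from the report): inventory and mitigation helpers for
// CVE-2020-11022. Assumes a jQuery-like object exposing fn.jquery and
// htmlPrefilter; the mock at the bottom is constructed for an offline run.

// Parse "1.12.4" / "3.4.1" into an array of integers for comparison.
function parseVersion(v) {
  return String(v).split('.').map(function (n) { return parseInt(n, 10) || 0; });
}

// True for 1.2 <= version < 3.5.0, the affected range given in the CVE text.
function isAffectedVersion(v) {
  var p = parseVersion(v);
  var major = p[0], minor = p[1] || 0;
  if (major < 1 || (major === 1 && minor < 2)) return false;
  return major < 3 || (major === 3 && minor < 5);
}

// Behavioural probe: a pre-3.5 prefilter rewrites "<p/>" to "<p></p>";
// 3.5.0+ (or a patched instance) returns the input untouched.
function prefilterRewritesHtml(jq) {
  var sample = '<p/>';
  return jq.htmlPrefilter(sample) !== sample;
}

// Workaround from the jQuery 3.5 upgrade guide for sites that cannot upgrade
// yet: make htmlPrefilter the identity function. Returns true if it patched.
function hardenJQuery(jq) {
  if (!prefilterRewritesHtml(jq)) return false;  // already safe, nothing to do
  jq.htmlPrefilter = function (html) { return html; };
  return true;
}

// Constructed stand-in for an old jQuery build; the regex and replacement are
// the ones jQuery 3.4.x used inside htmlPrefilter.
var rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;
function mockOldJQuery(version) {
  return {
    fn: { jquery: version },
    htmlPrefilter: function (html) { return html.replace(rxhtmlTag, '<$1></$2>'); }
  };
}
```

In a real page the call is `hardenJQuery(window.jQuery)` after the library loads and before any `.html()` / `.append()` of third-party markup; upgrading to 3.5.0 or later remains the proper fix.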
Report Details
Additional information and metadata
State
Closed
Substate
Not-Applicable
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected