JQuery Cross-Site Scripting (XSS) Vulnerability

Added Jan. 23, 2025 • Due Feb. 13, 2025 • CVE-2020-11023

Overdue JQuery / JQuery CWE-79

Description

JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://nvd.nist.gov/vuln/detail/CVE-2020-11023

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 8 months ago