WEB JQuery Potential XSS vulnerability -1 (CVE-2020-11022)

Rule ID

1232844

Severity

Medium

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Impact

Information disclosure

Recommendation

Apply the vendor's patch.

IPS Category

Exploits

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2020-11022

CVE-2020-11023

ICSA-21-306-01

ICSA-22-055-02

ICSA-22-097-01

ICSA-22-342-02

CVE-2020-23064

ICSA-24-074-03

T1059

T0853

Keywords

N/A

Date Created

2023/05/24

Last Updated

2024/03/15