CVE-2020-11022
high-risk
Published 2020-04-29
In jQuery versions starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Do I need to act?
EPSS score: 2.1% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Public exploits: 1 available
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 6.9/10 (Medium); attack vector NETWORK, attack complexity HIGH
Affected Products (20)
Agile Product Lifecycle Management For Process
Communications Diameter Signaling Router Idih
Communications Eagle Application Processor
References (90)
Risk score: 57 / 100 (high-risk)
Severity: 21/34 · High
Exploitability: 5/34 · Minimal
Exposure: 31/34 · Critical