CVE-2020-23064
ADVISORY - githubSummary
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jpcq-cgw6-v4j6. This link is maintained to preserve external references.
Original Description
Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
Common Weakness Enumeration (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
NIST
-
GitHub
2.8
CVSS SCORE
6.1mediumDebian
-
Ubuntu
2.8
CVSS SCORE
6.1lowRed Hat
2.8