JQuery Cross-Site Scripting (XSS) Vulnerability
Published: 2025.01.24.
Last modified: 2025.01.24.
Description
The program does not filter, or does not properly filter, user-supplied input before passing it to a web page that is served to other users.
Description source: CWE-79
Description last modified: 2024.11.19.
Analysis description
In original language: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources – even after sanitizing it – to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Analysis description source: CVE-2020-11023
Analysis description last modified: 2025.01.23.
Impact
CVSS 3.1 Severity and Metrics
Base score: 6.1 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality Impact (C): Low
Integrity Impact (I): Low
Availability Impact (A): None
Consequences
Loss of availability
Loss of confidentiality
Loss of integrity
Vulnerable software
Configuration 1
cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*
From (including) 1.0.3 up to (excluding) 3.5.0
Configuration 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Configuration 4
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
From (including) 7.0 up to (excluding) 7.70
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
From (including) 8.7.0 up to (excluding) 8.7.14
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
From (including) 8.8.0 up to (excluding) 8.8.6
Configuration 5
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
Up to (excluding) 20.2
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*
From (including) 2.7.0 up to (including) 2.8.0
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
From (including) 2.4.0 up to (including) 2.10.0
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*
From (including) 16.1.0 up to (including) 16.4.0
cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*
From (including) 6.1 up to (including) 6.4
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*
From (including) 4.1 up to (including) 4.3
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
Up to (excluding) 9.2.5.0
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Up to (excluding) 9.2.5.0
cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
Up to (excluding) 2.12.41
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
From (including) 16.2 up to (including) 16.2.11
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
From (including) 17.12.0 up to (including) 17.12.7
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
From (including) 18.8.0 up to (including) 18.8.9
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
From (including) 19.12.0 up to (including) 19.12.4
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*
Up to (including) 20.12
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Configuration 6
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
Configuration 7
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
Configuration 8
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
Configuration 9
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
Configuration 10
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
Configuration 11
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
Configuration 12
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Configuration 13
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Running on/with
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
Configuration 14
cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
From (including) 3.0 up to (including) 3.1.3
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
Configuration 15
cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
Up to (excluding) 6.0.9