CVEFinder.io

CVE-2020-11022

🔶 medium
Summary

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS Score
6.9
Medium
EPSS Score
19.0
Exploit Probability
Published Date
2020-04-29
First Seen: 2026-01-05
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
CWE IDs (Weakness Types)
CWE-79

🔗 References 86

http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://packetstormsecurity.com/files/162159/jQuery-1...
Exploit Third Party Advisory VDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-rele...
Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6...
Patch Third Party Advisory
https://github.com/jquery/jquery/security/advisories...
Mitigation Third Party Advisory
https://jquery.com/upgrade-guide/3.5/
Mitigation Vendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c...
https://lists.apache.org/thread.html/r49ce4243b4738d...
https://lists.apache.org/thread.html/r54565a8f025c7c...
https://lists.apache.org/thread.html/r564585d97bc069...
https://lists.apache.org/thread.html/r706cfbc098420f...
https://lists.apache.org/thread.html/r8f70b0f65d6bed...
https://lists.apache.org/thread.html/rbb448222ba62c4...
https://lists.apache.org/thread.html/rdf44341677cf7e...
https://lists.apache.org/thread.html/re4ae96fa5c1a2f...
https://lists.apache.org/thread.html/rede9cfaa756e05...
https://lists.apache.org/thread.html/ree3bd8ddb23df5...
https://lists.debian.org/debian-lts-announce/2021/03...
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://security.gentoo.org/glsa/202007-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0...
Third Party Advisory
https://www.debian.org/security/2020/dsa-4693
Third Party Advisory
https://www.drupal.org/sa-core-2020-002
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory
https://www.tenable.com/security/tns-2020-10
Third Party Advisory
https://www.tenable.com/security/tns-2020-11
Third Party Advisory
https://www.tenable.com/security/tns-2021-02
Third Party Advisory
https://www.tenable.com/security/tns-2021-10
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://lists.opensuse.org/opensuse-security-announce...
Broken Link
http://packetstormsecurity.com/files/162159/jQuery-1...
Exploit Third Party Advisory VDB Entry
https://blog.jquery.com/2020/04/10/jquery-3-5-0-rele...
Release Notes Vendor Advisory
https://github.com/jquery/jquery/commit/1d61fd9407e6...
Patch Third Party Advisory
https://github.com/jquery/jquery/security/advisories...
Mitigation Third Party Advisory
https://jquery.com/upgrade-guide/3.5/
Mitigation Vendor Advisory
https://lists.apache.org/thread.html/r0483ba0072783c...
https://lists.apache.org/thread.html/r49ce4243b4738d...
https://lists.apache.org/thread.html/r54565a8f025c7c...
https://lists.apache.org/thread.html/r564585d97bc069...
https://lists.apache.org/thread.html/r706cfbc098420f...
https://lists.apache.org/thread.html/r8f70b0f65d6bed...
https://lists.apache.org/thread.html/rbb448222ba62c4...
https://lists.apache.org/thread.html/rdf44341677cf7e...
https://lists.apache.org/thread.html/re4ae96fa5c1a2f...
https://lists.apache.org/thread.html/rede9cfaa756e05...
https://lists.apache.org/thread.html/ree3bd8ddb23df5...
https://lists.debian.org/debian-lts-announce/2021/03...
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/08...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://lists.fedoraproject.org/archives/list/packag...
https://security.gentoo.org/glsa/202007-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0...
Third Party Advisory
https://www.debian.org/security/2020/dsa-4693
Third Party Advisory
https://www.drupal.org/sa-core-2020-002
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory
https://www.tenable.com/security/tns-2020-10
Third Party Advisory
https://www.tenable.com/security/tns-2020-11
Third Party Advisory
https://www.tenable.com/security/tns-2021-02
Third Party Advisory
https://www.tenable.com/security/tns-2021-10
Third Party Advisory

📦 Affected Products 121

Vendor Product Status Affected Versions
debian debian_linux Affected
v9.0
oracle jdeveloper Affected
v11.1.1.9.0
oracle jdeveloper Affected
v12.2.1.3.0
oracle jdeveloper Affected
v12.2.1.4.0
oracle peoplesoft_enterprise_peopletools Affected
v8.56
oracle peoplesoft_enterprise_peopletools Affected
v8.57
oracle peoplesoft_enterprise_peopletools Affected
v8.58
drupal drupal Affected
≥ 7.0 < 7.70
drupal drupal Affected
≥ 8.7.0 < 8.7.14
drupal drupal Affected
≥ 8.8.0 < 8.8.6
fedoraproject fedora Affected
v31
fedoraproject fedora Affected
v32
fedoraproject fedora Affected
v33
oracle weblogic_server Affected
v10.3.6.0.0
oracle weblogic_server Affected
v12.1.3.0.0
oracle weblogic_server Affected
v12.2.1.3.0
oracle weblogic_server Affected
v12.2.1.4.0
oracle weblogic_server Affected
v14.1.1.0.0
jquery jquery Affected
≥ 1.2 < 3.5.0
oracle application_testing_suite Affected
v13.3.0.1
oracle enterprise_manager_ops_center Affected
v12.4.0.0
oracle siebel_ui_framework Affected
v20.8
netapp oncommand_system_manager Affected
≥ 3.0 ≤ 3.1.3
oracle agile_product_supplier_collaboration_for_process Affected
v6.2.0.0
netapp snap_creator_framework Affected
v-
opensuse leap Affected
v15.1
opensuse leap Affected
v15.2
oracle financial_services_asset_liability_management Affected
v8.0.6
oracle financial_services_asset_liability_management Affected
v8.0.7
oracle financial_services_asset_liability_management Affected
v8.1.0
oracle financial_services_analytical_applications_infrastructure Affected
≥ 8.0.6 ≤ 8.1.0
oracle financial_services_analytical_applications_infrastructure Affected
≥ 8.0.6.0.0 ≤ 8.1.0.0.0
oracle financial_services_funds_transfer_pricing Affected
v8.0.6
oracle financial_services_funds_transfer_pricing Affected
v8.0.7
oracle financial_services_funds_transfer_pricing Affected
v8.1.0
oracle financial_services_profitability_management Affected
v8.0.6
oracle financial_services_profitability_management Affected
v8.0.7
oracle financial_services_profitability_management Affected
v8.1.0
oracle financial_services_balance_sheet_planning Affected
v8.0.8
oracle retail_customer_management_and_segmentation_foundation Affected
v19.0
oracle financial_services_market_risk_measurement_and_management Affected
v8.0.6
oracle financial_services_market_risk_measurement_and_management Affected
v8.0.8
oracle financial_services_price_creation_and_discovery Affected
v8.0.6
oracle financial_services_price_creation_and_discovery Affected
v8.0.7
netapp snapcenter Affected
v-
netapp oncommand_insight Affected
v-
oracle communications_services_gatekeeper Affected
v7.0
oracle communications_eagle_application_processor Affected
≥ 16.1.0 ≤ 16.4.0
oracle retail_returns_management Affected
v14.0
oracle retail_returns_management Affected
v14.1
oracle hospitality_simphony Affected
≥ 19.1.0 ≤ 19.1.2
oracle hospitality_simphony Affected
v18.1
oracle hospitality_simphony Affected
v18.2
oracle hospitality_simphony Affected
v19.1.0-19.1.2
oracle hospitality_materials_control Affected
v18.1
tenable log_correlation_engine Affected
< 6.0.9
oracle communications_application_session_controller Affected
v3.8m0
oracle banking_digital_experience Affected
≥ 18.1 ≤ 20.1
oracle banking_digital_experience Affected
v18.1
oracle banking_digital_experience Affected
v18.2
oracle banking_digital_experience Affected
v18.3
oracle banking_digital_experience Affected
v19.1
oracle banking_digital_experience Affected
v19.2
oracle banking_digital_experience Affected
v20.1
oracle retail_back_office Affected
v14.0
oracle retail_back_office Affected
v14.1
oracle financial_services_liquidity_risk_management Affected
v8.0.6
oracle financial_services_loan_loss_forecasting_and_provisioning Affected
≥ 8.0.6 ≤ 8.0.8
oracle financial_services_loan_loss_forecasting_and_provisioning Affected
v8.1.0
oracle financial_services_basel_regulatory_capital_basic Affected
≥ 8.0.6 ≤ 8.0.8
oracle financial_services_basel_regulatory_capital_basic Affected
v8.1.0
oracle insurance_accounting_analyzer Affected
v8.0.9
oracle financial_services_hedge_management_and_ifrs_valuations Affected
≥ 8.0.6 ≤ 8.0.8
oracle financial_services_hedge_management_and_ifrs_valuations Affected
v8.1.0
oracle financial_services_data_foundation Affected
≥ 8.0.6 ≤ 8.1.0
oracle enterprise_session_border_controller Affected
v8.4
oracle communications_webrtc_session_controller Affected
v7.2
oracle financial_services_liquidity_risk_measurement_and_management Affected
v8.0.7
oracle financial_services_liquidity_risk_measurement_and_management Affected
v8.0.8
oracle financial_services_liquidity_risk_measurement_and_management Affected
v8.1.0
oracle healthcare_foundation Affected
v7.1.1
oracle healthcare_foundation Affected
v7.2.0
oracle healthcare_foundation Affected
v7.2.1
oracle healthcare_foundation Affected
v7.3.0
oracle communications_billing_and_revenue_management Affected
v12.0.0.3.0
oracle communications_billing_and_revenue_management Affected
v7.5.0.23.0
oracle communications_diameter_signaling_router_idih\ Affected
≥ 8.0.0 ≤ 8.2.2
oracle financial_services_analytical_applications_reconciliation_framework Affected
≥ 8.0.6 ≤ 8.0.8
oracle financial_services_analytical_applications_reconciliation_framework Affected
v8.1.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach Affected
≥ 8.0.6 ≤ 8.0.8
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach Affected
v8.1.0
oracle financial_services_data_governance_for_us_regulatory_reporting Affected
≥ 8.0.6 ≤ 8.0.9
oracle financial_services_data_integration_hub Affected
v8.0.6
oracle financial_services_data_integration_hub Affected
v8.0.7
oracle financial_services_data_integration_hub Affected
v8.1.0
oracle financial_services_institutional_performance_analytics Affected
v8.0.6
oracle financial_services_institutional_performance_analytics Affected
v8.0.7
oracle financial_services_institutional_performance_analytics Affected
v8.1.0
oracle financial_services_regulatory_reporting_for_european_banking_authority Affected
≥ 8.0.6 ≤ 8.1.0
oracle financial_services_regulatory_reporting_for_us_federal_reserve Affected
≥ 8.0.6 ≤ 8.0.9
oracle insurance_allocation_manager_for_enterprise_profitability Affected
v8.0.8
oracle insurance_allocation_manager_for_enterprise_profitability Affected
v8.1.0
oracle insurance_data_foundation Affected
≥ 8.0.6 ≤ 8.1.0
oracle insurance_data_foundation Affected
v8.0.6-8.1.0
oracle insurance_insbridge_rating_and_underwriting Affected
≥ 5.0.0.0 ≤ 5.6.0.0
oracle insurance_insbridge_rating_and_underwriting Affected
v5.6.1.0
oracle policy_automation Affected
≥ 12.2.0 ≤ 12.2.20
oracle policy_automation_for_mobile_devices Affected
≥ 12.2.0 ≤ 12.2.20
netapp h300e_firmware Affected
v-
netapp h300s_firmware Affected
v-
netapp h410c_firmware Affected
v-
netapp h410s_firmware Affected
v-
netapp h500e_firmware Affected
v-
netapp h500s_firmware Affected
v-
netapp h700e_firmware Affected
v-
netapp h700s_firmware Affected
v-
oracle agile_product_lifecycle_management_for_process Affected
v6.2.0.0
oracle policy_automation_connector_for_siebel Affected
v10.4.6
netapp max_data Affected
v-
oracle blockchain_platform Affected
< 21.1.2
oracle storagetek_acsls Affected
v8.5.1

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-68670 â›” critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
CVE-2026-24061 â›” critical 9.8 29.6 telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... 2026-01-21
CVE-2026-21934 🔶 medium 5.4 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Su... 2026-01-20
CVE-2026-21938 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers... 2026-01-20
CVE-2026-21951 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Su... 2026-01-20
CVE-2026-21944 🔶 medium 6.5 0.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Pr... 2026-01-20
These CVEs affect the same products