Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.

A jquery patch has been applied for Bitbucket versions >= 7.10.0.

Affected configurations

Vulners

Node

atlassianbitbucket_data_centerRange≤7.9.0

atlassianbitbucket_data_centerRange<7.10.0

CPENameOperatorVersion
bitbucket data centerle7.9.0
bitbucket data centerlt7.10.0

CPE	Name	Operator	Version
	bitbucket data center	le	7.9.0
	bitbucket data center	lt	7.10.0

fedora 6

atlassian 4

nessus 51

ibm 34

joomla 1

hp 2

attackerkb 2

osv 12

openvas 21

suse 3

githubexploit 3

debian 2

oraclelinux 4

checkpoint_advisories 1

drupal 1

redhat 8

gentoo 1

typo3 1

altlinux 1

github 4

freebsd 1

veracode 2

nodejs 1

packetstorm 2

cve 3

prion 2

amazon 1

zdt 2

ubuntucve 2

f5 2

debiancve 3

cvelist 2

redhatcve 2

alpinelinux 2

almalinux 2

ics 1

nvd 2

hackerone 1

rocky 1

exploitdb 2

adobe 1

fedora

[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32

2020-06-16 01:32:24

[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33

2020-09-25 17:15:48

[SECURITY] Fedora 32 Update: cacti-1.2.13-1.fc32

2020-07-23 01:06:59

atlassian

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-02 09:59:24

Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023

2021-02-16 18:28:38

nessus

Debian DLA-2608-1 : jquery security update

2021-03-26 00:00:00

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)

2022-09-01 00:00:00

JQuery 1.2 < 3.5.0 Multiple XSS

2020-05-28 00:00:00

ibm

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)

2020-12-03 09:54:47

Security Bulletin: Multiple vulnerabilities in jQuery affect IBM WIoTP MessageGateway (CVE-2020-11023, CVE-2020-11022)

2020-08-11 19:22:50

Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)

2020-08-10 20:34:42

joomla

[20200604] - Core - XSS in jQuery.htmlPrefilter

2020-04-10 00:00:00

HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

Certain HP Printers and MFP products - Cross-Site Scripting (XSS)

2020-09-17 00:00:00

attackerkb

CVE-2020-11023

2020-04-29 00:00:00

CVE-2020-11022

2020-04-29 00:00:00

osv

jquery - security update

2021-03-25 00:00:00

drupal7 - security update

2020-05-26 00:00:00

Persistent Cross-site Scripting vulnerability in PrivateBin

2022-04-12 20:45:22

openvas

openSUSE: Security Advisory for otrs (openSUSE-SU-2020:1888-1)

2020-11-10 00:00:00

Debian: Security Advisory (DLA-2608-1)

2021-03-26 00:00:00

Discourse < 2.5.0.beta5 Multiple Vulnerabilities

2020-05-28 00:00:00

suse

Security update for otrs (moderate)

2020-11-10 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-25 00:00:00

Security update for cacti, cacti-spine (moderate)

2020-07-28 00:00:00

githubexploit

Exploit for Cross-site Scripting in Jquery

2021-10-16 01:10:33

Exploit for Cross-site Scripting in Jquery

2020-11-02 20:55:10

Exploit for Cross-site Scripting in Jquery

2020-04-14 19:12:01

debian

[SECURITY] [DSA 4693-1] drupal7 security update

2020-05-26 21:08:21

[SECURITY] [DLA 2608-1] jquery security update

2021-03-26 01:32:22

oraclelinux

jquery-ui security update

2022-03-01 00:00:00

ipa security and bug fix update

2021-03-19 00:00:00

bootstrap security update

2021-08-09 00:00:00

checkpoint_advisories

jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)

2020-11-16 00:00:00

drupal

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

2020-05-20 00:00:00

redhat

(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update

2020-10-08 06:44:00

(RHSA-2020:3807) Moderate: Red Hat Virtualization security, bug fix, and enhancement update

2020-09-23 15:54:23

(RHSA-2021:1846) Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

gentoo

Cacti: Multiple vulnerabilities

2020-07-26 00:00:00

typo3

Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)

2020-07-29 00:00:00

altlinux

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

2020-10-21 00:00:00

github

Persistent Cross-site Scripting vulnerability in PrivateBin

2022-04-12 20:45:22

Potential XSS vulnerability in jQuery

2020-04-29 22:19:14

Potential XSS vulnerability in jQuery

2020-04-29 22:18:55

freebsd

Cacti -- multiple vulnerabilities

2020-07-15 00:00:00

veracode

Cross-Site Scripting (XSS)

2020-04-30 01:59:55

Cross-Site Scripting (XSS)

2020-04-30 02:21:22

nodejs

Cross-Site Scripting

2020-04-30 18:19:09

packetstorm

jQuery 1.2 Cross Site Scripting

2021-04-14 00:00:00

jQuery 1.0.3 Cross Site Scripting

2021-04-14 00:00:00

cve

CVE-2020-11022

2020-04-29 22:15:11

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-23064

2023-06-26 19:15:09

prion

Code injection

2020-04-29 21:15:00

Code injection

2020-04-29 22:15:00

amazon

Medium: ipa

2021-04-20 17:55:00

zdt

jQuery 1.0.3 - Cross-Site Scripting Vulnerability

2021-04-14 00:00:00

jQuery 1.2 - Cross-Site Scripting Vulnerability

2021-04-14 00:00:00

ubuntucve

CVE-2020-11022

2020-04-29 00:00:00

CVE-2020-11023

2020-04-29 00:00:00

K02453220 : jQuery vulnerability CVE-2020-11022

2020-08-03 00:00:00

K66544153 : jQuery vulnerability CVE-2020-11023

2020-08-03 00:00:00

debiancve

CVE-2020-11022

2020-04-29 22:15:11

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-23064

2023-06-26 19:15:09

cvelist

CVE-2020-11022 Potential XSS vulnerability in jQuery

2020-04-29 00:00:00

CVE-2020-11023 Potential XSS vulnerability in jQuery

2020-04-29 00:00:00

redhatcve

CVE-2020-11022

2020-04-29 23:09:52

CVE-2020-11023

2021-06-20 07:11:02

alpinelinux

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-11022

2020-04-29 22:15:11

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

Low: pcs security, bug fix, and enhancement update

2021-11-09 08:21:49

ics

Sensormatic Electronics VideoEdge

2021-11-02 12:00:00

nvd

CVE-2020-11023

2020-04-29 21:15:11

CVE-2020-11022

2020-04-29 22:15:11

hackerone

Reddit: CVE-2020-11022

2022-12-20 17:19:58

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2021-05-18 06:14:07

exploitdb

jQuery 1.2 - Cross-Site Scripting (XSS)

2021-04-14 00:00:00

jQuery 1.0.3 - Cross-Site Scripting (XSS)

2021-04-14 00:00:00

adobe

APSB19-38 Security update available for Adobe Experience Manager

2019-07-09 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

0.061 Low

EPSS

Percentile

93.6%

JSON

Related for BSERV-13449