CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
93.7%
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(136929);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2020-11022", "CVE-2020-11023");
script_xref(name:"IAVB", value:"2020-B-0030");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"JQuery 1.2 < 3.5.0 Multiple XSS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross site scripting
vulnerability.");
script_set_attribute(attribute:"description", value:
"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater
than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.
Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios
required for successful exploitation do not exist on devices running a PAN-OS release.");
script_set_attribute(attribute:"see_also", value:"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/");
script_set_attribute(attribute:"see_also", value:"https://security.paloaltonetworks.com/PAN-SA-2020-0007");
script_set_attribute(attribute:"solution", value:
"Upgrade to JQuery version 3.5.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11023");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/29");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/28");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:jquery:jquery");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("jquery_detect.nasl", "palo_alto_version.nbin", "cisco_wlc_version.nasl", "cisco_apic_version.nbin");
script_require_keys("installed_sw/jquery");
script_exclude_keys("Host/Palo_Alto/Firewall/Version", "Host/Cisco/WLC/Version");
script_require_ports("Services/www", 80);
exit(0);
}
include('http.inc');
include('vcf.inc');
if (get_kb_item('Host/Palo_Alto/Firewall/Version'))
exit(0, 'The remote host is PAN-OS, and therefore not affected.');
if (get_kb_item('Host/Cisco/WLC/Version'))
exit(0, 'The remote host is a Cisco WLC, and therefore not affected.');
var appname = 'jquery';
get_install_count(app_name:appname, exit_if_zero:TRUE);
var jport = get_http_port(default:8081);
if (get_install_count(app_name:'Cisco APIC Software') > 0)
{
var installs = get_installs(app_name:'Cisco APIC Software', port:jport);
var length = 0;
if (!isnull(installs)) length = length(installs[1]);
if (length > 0)
{
exit(0, 'The remote host is a Cisco APIC, and therefore not affected.');
}
}
var app_info = vcf::get_app_info(app:appname, port:jport, webapp:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [{'min_version':'1.2','fixed_version':'3.5.0'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING,flags:{xss:TRUE});
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
93.7%