Lucene search

[email protected]NVD:CVE-2020-11022

HistoryApr 29, 2020 - 10:15 p.m.

CVE-2020-11022

2020-04-2922:15:11

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.6%

JSON

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected configurations

NVD

Node

jqueryjqueryRange1.2–3.5.0

Node

drupaldrupalRange7.0–7.70

drupaldrupalRange8.7.0–8.7.14

drupaldrupalRange8.8.0–8.8.6

Node

debiandebian_linuxMatch9.0

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

oracleagile_product_lifecycle_management_for_processMatch6.2.0.0

oracleapplication_testing_suiteMatch13.3.0.1

oraclebanking_digital_experienceMatch18.1

oraclebanking_digital_experienceMatch18.2

oraclebanking_digital_experienceMatch18.3

oraclebanking_digital_experienceMatch19.1

oraclebanking_digital_experienceMatch19.2

oraclebanking_digital_experienceMatch20.1

oracleblockchain_platformRange<21.1.2

oraclecommunications_application_session_controllerMatch3.8m0

oraclecommunications_billing_and_revenue_managementMatch7.5.0.23.0

oraclecommunications_billing_and_revenue_managementMatch12.0.0.3.0

oraclecommunications_diameter_signaling_router_idih\Range8.0.0–8.2.2

oraclecommunications_eagle_application_processorRange16.1.0–16.4.0

oraclecommunications_services_gatekeeperMatch7.0

oraclecommunications_webrtc_session_controllerMatch7.2

oracleenterprise_manager_ops_centerMatch12.4.0.0

oracleenterprise_session_border_controllerMatch8.4

oraclefinancial_services_analytical_applications_infrastructureRange8.0.6.0.0–8.1.0.0.0

oraclefinancial_services_analytical_applications_reconciliation_frameworkRange8.0.6–8.0.8

oraclefinancial_services_analytical_applications_reconciliation_frameworkMatch8.1.0

oraclefinancial_services_asset_liability_managementMatch8.0.6

oraclefinancial_services_asset_liability_managementMatch8.0.7

oraclefinancial_services_asset_liability_managementMatch8.1.0

oraclefinancial_services_balance_sheet_planningMatch8.0.8

oraclefinancial_services_basel_regulatory_capital_basicRange8.0.6–8.0.8

oraclefinancial_services_basel_regulatory_capital_basicMatch8.1.0

oraclefinancial_services_basel_regulatory_capital_internal_ratings_based_approachRange8.0.6–8.0.8

oraclefinancial_services_basel_regulatory_capital_internal_ratings_based_approachMatch8.1.0

oraclefinancial_services_data_foundationRange8.0.6–8.1.0

oraclefinancial_services_data_governance_for_us_regulatory_reportingRange8.0.6–8.0.9

oraclefinancial_services_data_integration_hubMatch8.0.6

oraclefinancial_services_data_integration_hubMatch8.0.7

oraclefinancial_services_data_integration_hubMatch8.1.0

oraclefinancial_services_funds_transfer_pricingMatch8.0.6

oraclefinancial_services_funds_transfer_pricingMatch8.0.7

oraclefinancial_services_funds_transfer_pricingMatch8.1.0

oraclefinancial_services_hedge_management_and_ifrs_valuationsRange8.0.6–8.0.8

oraclefinancial_services_hedge_management_and_ifrs_valuationsMatch8.1.0

oraclefinancial_services_institutional_performance_analyticsMatch8.0.6

oraclefinancial_services_institutional_performance_analyticsMatch8.0.7

oraclefinancial_services_institutional_performance_analyticsMatch8.1.0

oraclefinancial_services_liquidity_risk_managementMatch8.0.6

oraclefinancial_services_liquidity_risk_measurement_and_managementMatch8.0.7

oraclefinancial_services_liquidity_risk_measurement_and_managementMatch8.0.8

oraclefinancial_services_liquidity_risk_measurement_and_managementMatch8.1.0

oraclefinancial_services_loan_loss_forecasting_and_provisioningRange8.0.6–8.0.8

oraclefinancial_services_loan_loss_forecasting_and_provisioningMatch8.1.0

oraclefinancial_services_market_risk_measurement_and_managementMatch8.0.6

oraclefinancial_services_market_risk_measurement_and_managementMatch8.0.8

oraclefinancial_services_price_creation_and_discoveryMatch8.0.6

oraclefinancial_services_price_creation_and_discoveryMatch8.0.7

oraclefinancial_services_profitability_managementMatch8.0.6

oraclefinancial_services_profitability_managementMatch8.0.7

oraclefinancial_services_profitability_managementMatch8.1.0

oraclefinancial_services_regulatory_reporting_for_european_banking_authorityRange8.0.6–8.1.0

oraclefinancial_services_regulatory_reporting_for_us_federal_reserveRange8.0.6–8.0.9

oraclehealthcare_foundationMatch7.1.1

oraclehealthcare_foundationMatch7.2.0

oraclehealthcare_foundationMatch7.2.1

oraclehealthcare_foundationMatch7.3.0

oraclehospitality_materials_controlMatch18.1

oraclehospitality_simphonyRange19.1.0–19.1.2

oraclehospitality_simphonyMatch18.1

oraclehospitality_simphonyMatch18.2

oracleinsurance_accounting_analyzerMatch8.0.9

oracleinsurance_allocation_manager_for_enterprise_profitabilityMatch8.0.8

oracleinsurance_allocation_manager_for_enterprise_profitabilityMatch8.1.0

oracleinsurance_data_foundationRange8.0.6–8.1.0

oracleinsurance_insbridge_rating_and_underwritingRange5.0.0.0–5.6.0.0

oracleinsurance_insbridge_rating_and_underwritingMatch5.6.1.0

oraclejdeveloperMatch11.1.1.9.0

oraclejdeveloperMatch12.2.1.3.0

oraclejdeveloperMatch12.2.1.4.0

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepolicy_automationRange12.2.0–12.2.20

oraclepolicy_automation_connector_for_siebelMatch10.4.6

oraclepolicy_automation_for_mobile_devicesRange12.2.0–12.2.20

oracleretail_back_officeMatch14.0

oracleretail_back_officeMatch14.1

oracleretail_customer_management_and_segmentation_foundationMatch19.0

oracleretail_returns_managementMatch14.0

oracleretail_returns_managementMatch14.1

oraclesiebel_ui_frameworkMatch20.8

oraclestoragetek_acslsMatch8.5.1

oracleweblogic_serverMatch10.3.6.0.0

oracleweblogic_serverMatch12.1.3.0.0

oracleweblogic_serverMatch12.2.1.3.0

oracleweblogic_serverMatch12.2.1.4.0

oracleweblogic_serverMatch14.1.1.0.0

Node

netappmax_dataMatch-

netapponcommand_insightMatch-

netapponcommand_system_managerRange3.0–3.1.3

netappsnap_creator_frameworkMatch-

netappsnapcenterMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

tenablelog_correlation_engineRange<6.0.9

Node

oracleagile_product_supplier_collaboration_for_processMatch6.2.0.0

oraclebanking_digital_experienceRange18.1–20.1

oraclecommunications_application_session_controllerMatch3.8m0

oraclecommunications_billing_and_revenue_managementMatch7.5.0.23.0

oraclecommunications_billing_and_revenue_managementMatch12.0.0.3.0

oraclecommunications_diameter_signaling_router_idih\Range8.0.0–8.2.2

oraclecommunications_webrtc_session_controllerMatch7.2

oracleenterprise_manager_ops_centerMatch12.4.0.0

oracleenterprise_session_border_controllerMatch8.4

oraclefinancial_services_analytical_applications_infrastructureRange8.0.6–8.1.0