In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (such as .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
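The mechanism behind the description above, as an added example that is not from the CVE record or from jQuery itself: before 3.5.0, jQuery.htmlPrefilter rewrote self-closing tags with a regular expression before the markup reached the browser's parser, so markup a sanitizer had already judged harmless (an <img> sitting in the raw-text content of an unclosed <style>) could be rewritten into markup in which the <img> is live. The regex and the two prefilter bodies follow the pre-3.5.0 and 3.5.0 jQuery sources linked in the references below; the payload, the parser model, the version check and all helper names are constructed here for illustration.

```javascript
// Added example (not jQuery's own code): a stand-in for jQuery.htmlPrefilter
// before 3.5.0 beside the 3.5.0 behaviour, plus a constructed payload showing
// why sanitizing the input string first does not help.

// Pre-3.5.0 jQuery: expand "<tag/>" into "<tag></tag>" for non-void elements.
const rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function legacyHtmlPrefilter(html) {
  return html.replace(rxhtmlTag, "<$1></$2>");
}

// jQuery >= 3.5.0: the prefilter passes markup through unchanged.
function fixedHtmlPrefilter(html) {
  return html;
}

// Constructed, simplified model of one parser rule: the content of <style> is
// raw text up to the next </style> (or end of input), so tags inside it are
// inert. Returns only the markup the parser would treat as real tags.
function stripRawTextStyle(html) {
  return html.replace(/<style[^>]*>[\s\S]*?(<\/style>|$)/gi, "");
}

// Does any live (parsed, not raw-text) tag carry an on* event-handler attribute?
function hasLiveEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(stripRawTextStyle(html));
}

// Constructed payload. Parsed as-is, the <img> is raw text inside <style>, so a
// sanitizer that inspects the parsed DOM sees no event handler. After the legacy
// prefilter, "<style/>" becomes "<style></style>", which closes the raw-text
// context, and the <img> that follows is parsed for real.
const payload = '<style><style/><img src=x onerror=alert(1)>';

// Affected range from the description: >= 1.2 and < 3.5.0 (constructed helper;
// feed it the value of jQuery.fn.jquery from the page under test).
function isAffectedJqueryVersion(version) {
  const [maj, min = 0, patch = 0] = version.split(".").map(Number);
  const n = maj * 1e6 + min * 1e3 + patch;
  return n >= 1 * 1e6 + 2 * 1e3 && n < 3 * 1e6 + 5 * 1e3;
}

hasLiveEventHandler(payload);                       // false: <img> is raw text
hasLiveEventHandler(legacyHtmlPrefilter(payload));  // true: prefilter made it live
hasLiveEventHandler(fixedHtmlPrefilter(payload));   // false: 3.5.0 leaves it alone
```

To check a deployed page, read jQuery.fn.jquery in the browser console and compare it against the affected range; a version at or above 3.5.0 alone is not proof, because the jQuery Migrate plugin can restore the legacy prefilter for compatibility, so also confirm that jQuery.htmlPrefilter still returns its input unchanged in production builds.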
Advisories

Source        ID                     Title
Debian DLA    DLA-2608-1             jquery security update
Debian DLA    DLA-3551-1             otrs2 security update
Debian DSA    DSA-4693-1             drupal7 security update
Github GHSA   GHSA-gxr4-xjj5-5px2    Potential XSS vulnerability in jQuery
Ubuntu USN    USN-7246-1             jQuery vulnerabilities
Ubuntu USN    USN-7622-1             jQuery vulnerabilities
Ubuntu USN    USN-7658-1             Drupal vulnerabilities
Fixes

Solution

No solution text is given by the vendor in the CVE record; per the description above, the issue is fixed in jQuery 3.5.0 (see the 3.5.0 release post and upgrade guide in the references).


Workaround

No workaround given by the vendor.

References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.cve.org/CVERecord?id=CVE-2020-11022
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-10
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10
History

Tue, 15 Jul 2025 13:45:00 +0000

Type       Values removed               Values added
Metrics    epss {'score': 0.10443}      epss {'score': 0.23711}


Sun, 13 Jul 2025 13:45:00 +0000

Type       Values removed               Values added
Metrics    epss {'score': 0.05513}      epss {'score': 0.10443}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-04T11:21:14.453Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11022

Vulnrichment

No data.

NVD

Status: Modified

Published: 2020-04-29T22:15:11.903

Modified: 2024-11-21T04:56:36.110

Link: CVE-2020-11022

Redhat

Severity: Moderate

Published: 2020-04-23T00:00:00Z

Links: CVE-2020-11022 - Bugzilla

OpenCVE Enrichment

No data.