CVE-2020-11022 - Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.07242.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

jquery

jQuery

affected

Version	Status	Constraints
`>= 1.2, < 3.5.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*
	cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_eagle_application_processor::::::::
	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony::::::::
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
cpe:2.3:a:oracle:insurance_data_foundation::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:netapp:max_data:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 15 [-]

OR	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

Configuration 16 [-]

cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*

Configuration 17 [-]

OR	cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:::::::*
	cpe:2.3:a:oracle:banking_digital_experience::::::::
	cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\:::::::::
	cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::
	cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_data_foundation::::::::
	cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::
	cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::
	cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:::::::*
	cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority::::::::
	cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::
	cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.2.1:::::::*
	cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*
	cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:::::::*
	cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*
	cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:::::::*
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::
	cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:policy_automation::::::::
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::
cpe:2.3:a:oracle:retail_back_office:14.0:::::::*
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
A-MQ Interconnect 1.y for RHEL 6
qpid-dispatch-0:1.13.0-3.el6_10	cpe:/a:redhat:amq_interconnect:1::el6	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 7
qpid-dispatch-0:1.13.0-3.el7	cpe:/a:redhat:amq_interconnect:1::el7	RHSA-2020:4211	2020-10-08T00:00:00Z
A-MQ Interconnect 1.y for RHEL 8
qpid-dispatch-0:1.13.0-3.el8	cpe:/a:redhat:amq_interconnect:1::el8	RHSA-2020:4211	2020-10-08T00:00:00Z
Openshift Service Mesh 1.0
jaeger-0:v1.13.1.redhat7-1.el7	cpe:/a:redhat:service_mesh:1.0::el7	RHSA-2020:2362	2020-06-02T00:00:00Z
kiali-0:v1.0.11.redhat1-1.el7	cpe:/a:redhat:service_mesh:1.0::el7	RHSA-2020:2362	2020-06-02T00:00:00Z
OpenShift Service Mesh 1.0
servicemesh-grafana-0:6.2.2-36.el8	cpe:/a:redhat:service_mesh:1.0::el8	RHSA-2020:2362	2020-06-02T00:00:00Z
Red Hat Ansible Tower 3.6 for RHEL 7
ansible-tower-36/ansible-tower:3.6.7-1	cpe:/a:redhat:ansible_tower:3.6::el7	RHSA-2021:0778	2021-03-09T00:00:00Z
Red Hat Ansible Tower 3.7 for RHEL 7
ansible-tower-37/ansible-tower-rhel7:3.7.4-1	cpe:/a:redhat:ansible_tower:3.7::el7	RHSA-2020:5249	2020-11-30T00:00:00Z
Red Hat Enterprise Linux 7
ipa-0:4.6.8-5.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3936	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
idm:client-8030020200923172426.05ac3f11	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
idm:DL1-8030020200923172343.9c827e52	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4670	2020-11-04T00:00:00Z
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jquery	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:0556	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:0553	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:0554	2023-01-31T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:0552	2023-01-31T00:00:00Z
Red Hat OpenShift Container Platform 3.11
atomic-openshift-web-console-0:3.11.219-1.git.1.9b9b889.el7	cpe:/a:redhat:openshift:3.11::el7	RHSA-2020:2217	2020-05-28T00:00:00Z
Red Hat OpenShift Container Platform 4.5
openshift4/ose-console:v4.5.0-202007012112.p0	cpe:/a:redhat:openshift:4.5::el7	RHSA-2020:2412	2020-07-13T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-grafana:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
openshift4/ose-prometheus:v4.6.0-202009290409.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
Red Hat Single Sign-On 7
keycloak-idp-jquery	cpe:/a:redhat:red_hat_single_sign_on:7.6	RHSA-2023:1049	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.4.1
js-jquery	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:2813	2020-07-02T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:1043	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:1044	2023-03-01T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:1045	2023-03-01T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-engine-ui-extensions-0:1.2.2-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3247	2020-08-04T00:00:00Z
ovirt-web-ui-0:1.6.4-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3807	2020-09-23T00:00:00Z
org.ovirt.engine-root-0:4.5.2.4-1	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2022:6393	2022-09-08T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-20	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:1047	2023-03-01T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Debian Subscribe	Debian Linux Subscribe
Drupal Subscribe	Drupal Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Jquery Subscribe	Jquery Subscribe
Netapp Subscribe	H300e Subscribe H300e Firmware Subscribe H300s Subscribe H300s Firmware Subscribe H410c Subscribe H410c Firmware Subscribe H410s Subscribe H410s Firmware Subscribe H500e Subscribe H500e Firmware Subscribe H500s Subscribe H500s Firmware Subscribe H700e Subscribe H700e Firmware Subscribe H700s Subscribe H700s Firmware Subscribe Max Data Subscribe Oncommand Insight Subscribe Oncommand System Manager Subscribe Snap Creator Framework Subscribe Snapcenter Subscribe
Opensuse Subscribe	Leap Subscribe
Oracle Subscribe	Agile Product Lifecycle Management For Process Subscribe Agile Product Supplier Collaboration For Process Subscribe Application Testing Suite Subscribe Banking Digital Experience Subscribe Blockchain Platform Subscribe Communications Application Session Controller Subscribe Communications Billing And Revenue Management Subscribe Communications Diameter Signaling Router Idih\ Subscribe Communications Eagle Application Processor Subscribe Communications Services Gatekeeper Subscribe Communications Webrtc Session Controller Subscribe Enterprise Manager Ops Center Subscribe Enterprise Session Border Controller Subscribe Financial Services Analytical Applications Infrastructure Subscribe Financial Services Analytical Applications Reconciliation Framework Subscribe Financial Services Asset Liability Management Subscribe Financial Services Balance Sheet Planning Subscribe Financial Services Basel Regulatory Capital Basic Subscribe Financial Services Basel Regulatory Capital Internal Ratings Based Approach Subscribe Financial Services Data Foundation Subscribe Financial Services Data Governance For Us Regulatory Reporting Subscribe Financial Services Data Integration Hub Subscribe Financial Services Funds Transfer Pricing Subscribe Financial Services Hedge Management And Ifrs Valuations Subscribe Financial Services Institutional Performance Analytics Subscribe Financial Services Liquidity Risk Management Subscribe Financial Services Liquidity Risk Measurement And Management Subscribe Financial Services Loan Loss Forecasting And Provisioning Subscribe Financial Services Market Risk Measurement And Management Subscribe Financial Services Price Creation And Discovery Subscribe Financial Services Profitability Management Subscribe Financial Services Regulatory Reporting For European Banking Authority Subscribe Financial Services Regulatory Reporting For Us Federal Reserve Subscribe Healthcare Foundation Subscribe Hospitality Materials Control Subscribe Hospitality Simphony Subscribe Insurance Accounting Analyzer Subscribe Insurance Allocation Manager For Enterprise Profitability Subscribe Insurance Data Foundation Subscribe Insurance Insbridge Rating And Underwriting Subscribe Jdeveloper Subscribe Peoplesoft Enterprise Peopletools Subscribe Policy Automation Subscribe Policy Automation Connector For Siebel Subscribe Policy Automation For Mobile Devices Subscribe Retail Back Office Subscribe Retail Customer Management And Segmentation Foundation Subscribe Retail Returns Management Subscribe Siebel Ui Framework Subscribe Storagetek Acsls Subscribe Weblogic Server Subscribe
Redhat Subscribe	Amq Interconnect Subscribe Ansible Tower Subscribe Enterprise Linux Subscribe Jboss Enterprise Application Platform Subscribe Jboss Single Sign On Subscribe Openshift Subscribe Red Hat Single Sign On Subscribe Rhev Manager Subscribe Rhosemc Subscribe Service Mesh Subscribe
Tenable Subscribe	Log Correlation Engine Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-2608-1	jquery security update
Debian DLA	DLA-3551-1	otrs2 security update
Debian DSA	DSA-4693-1	drupal7 security update
Github GHSA	GHSA-gxr4-xjj5-5px2	Potential XSS vulnerability in jQuery
Ubuntu USN	USN-7246-1	jQuery vulnerabilities
Ubuntu USN	USN-7622-1	jQuery vulnerabilities
Ubuntu USN	USN-7658-1	Drupal vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html
http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
https://jquery.com/upgrade-guide/3.5/
https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E
https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://nvd.nist.gov/vuln/detail/CVE-2020-11022
https://security.gentoo.org/glsa/202007-03
https://security.netapp.com/advisory/ntap-20200511-0006/
https://www.cve.org/CVERecord?id=CVE-2020-11022
https://www.debian.org/security/2020/dsa-4693
https://www.drupal.org/sa-core-2020-002
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-10
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-02
https://www.tenable.com/security/tns-2021-10

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.10443}`	epss `{'score': 0.23711}`

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.05513}`	epss `{'score': 0.10443}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-04-29T00:00:00

Updated: 2024-08-04T11:21:14.453Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11022

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-29T22:15:11.903

Modified: 2024-11-21T04:56:36.110

Link: CVE-2020-11022

Redhat

Severity : Moderate

Publid Date: 2020-04-23T00:00:00Z

Links: CVE-2020-11022 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object