Components Jquery vulnerabilities
2 known vulnerabilities affecting components/jquery.
Total CVEs: 2
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2020-11023 | MEDIUM | KEV | PoC | ≥ 1.0.3, < 3.5.0 | 2020-04-29
CVE-2020-11023 [MEDIUM] CWE-79 Potential XSS vulnerability in jQuery
### Impact
Passing HTML containing `` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.
### Patches
This problem is patched in jQuery 3.5.0.
### Workarounds
To work around this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its
Sources: GHSA, OSV
CVE-2020-11022 | MEDIUM | Exploited | PoC | ≥ 1.2.0, < 3.5.0 | 2020-04-29
CVE-2020-11022 [MEDIUM] CWE-79 Potential XSS vulnerability in jQuery
### Impact
Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code.
### Patches
This problem is patched in jQuery 3.5.0.
### Workarounds
To work around the issue without upgrading, add the following to your code:
```js
// Identity prefilter: jQuery inserts the HTML string without rewriting it first.
jQuery.htmlPrefilter = function( html ) {
	return html;
};
```
Sources: GHSA, OSV