CVE-2020-11023

Source
https://cve.org/CVERecord?id=CVE-2020-11023
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11023.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11023
Published
2020-04-29T21:15:11.743Z
Modified
2026-05-28T04:05:21.367429819Z
Severity
6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "3.0"
                },
                {
                    "last_affected": "3.1.3"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "netapp:oncommand_system_manager"
        },
        {
            "extracted_events": [
                {
                    "fixed": "20.2"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:application_express"
        },
        {
            "extracted_events": [
                {
                    "introduced": "2.7.0"
                },
                {
                    "last_affected": "2.8.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:banking_enterprise_collections"
        },
        {
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "last_affected": "2.10.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:banking_platform"
        },
        {
            "extracted_events": [
                {
                    "fixed": "21.1.2"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:blockchain_platform"
        },
        {
            "extracted_events": [
                {
                    "introduced": "16.1.0"
                },
                {
                    "last_affected": "16.4.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_eagle_application_processor"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "6.1"
                },
                {
                    "last_affected": "6.4"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_interactive_session_recorder"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "4.1"
                },
                {
                    "last_affected": "4.3"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_operations_monitor"
        },
        {
            "extracted_events": [
                {
                    "fixed": "9.2.5.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:jd_edwards_enterpriseone_orchestrator"
        },
        {
            "extracted_events": [
                {
                    "fixed": "9.2.5.0"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:jd_edwards_enterpriseone_tools"
        },
        {
            "extracted_events": [
                {
                    "fixed": "2.12.41"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:oss_support_tools"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "16.2"
                },
                {
                    "last_affected": "16.2.11"
                },
                {
                    "introduced": "17.12.0"
                },
                {
                    "last_affected": "17.12.7"
                },
                {
                    "introduced": "18.8.0"
                },
                {
                    "last_affected": "18.8.9"
                },
                {
                    "introduced": "19.12.0"
                },
                {
                    "last_affected": "19.12.4"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:primavera_gateway"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "last_affected": "20.12"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:siebel_mobile:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:siebel_mobile"
        },
        {
            "extracted_events": [
                {
                    "fixed": "6.0.9"
                }
            ],
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "tenable:log_correlation_engine"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "31"
                },
                {
                    "last_affected": "32"
                },
                {
                    "last_affected": "33"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
            ],
            "vendor_product": "fedoraproject:fedora"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "13.3.0.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:application_testing_suite"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "21.1.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:blockchain_platform"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "5.9.0.0.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
            ],
            "vendor_product": "oracle:business_intelligence"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.1.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_analytics"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.1.1"
                },
                {
                    "last_affected": "8.2.0"
                },
                {
                    "last_affected": "8.2.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_element_manager"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.4"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_operations_monitor"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_services_gatekeeper"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.1.1"
                },
                {
                    "last_affected": "8.2.0"
                },
                {
                    "last_affected": "8.2.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_session_report_manager"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.1.1"
                },
                {
                    "last_affected": "8.2.0"
                },
                {
                    "last_affected": "8.2.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_session_route_manager"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.0.4"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "2.7"
                },
                {
                    "last_affected": "2.8"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:financial_services_revenue_management_and_billing_analytics"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "6.3.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:health_sciences_inform:6.3.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:health_sciences_inform"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "3.2.1"
                },
                {
                    "last_affected": "3.3.1"
                },
                {
                    "last_affected": "3.3.2"
                },
                {
                    "last_affected": "3.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:healthcare_translational_research"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "11.1.2.4"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:hyperion_financial_reporting"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "9.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:peoplesoft_enterprise_human_capital_management_resources"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "11.2.0.4"
                },
                {
                    "last_affected": "12.1.0.2"
                },
                {
                    "last_affected": "12.2.0.1"
                },
                {
                    "last_affected": "18c"
                },
                {
                    "last_affected": "19c"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
                "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
                "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
                "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
                "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*"
            ],
            "vendor_product": "oracle:rest_data_services"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.5.1"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:storagetek_acsls"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "2.3.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:storagetek_tape_analytics_sw_tool"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:webcenter_sites"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "12.1.3.0.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                },
                {
                    "last_affected": "14.1.1.0.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:weblogic_server"
        }
    ]
}

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Database specific
{
    "cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0"
        },
        {
            "fixed": "7.70"
        },
        {
            "introduced": "8.7.0"
        },
        {
            "fixed": "8.7.14"
        },
        {
            "introduced": "8.8.0"
        },
        {
            "fixed": "8.8.6"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

7.*
7.0
7.10
7.12
7.14
7.15
7.17
7.22
7.23
7.25
7.28
7.30
7.33
7.36
7.37
7.4
7.40
7.42
7.43
7.50
7.51
7.54
7.55
7.56
7.6
7.61
7.64
7.68
7.69
7.7
7.8
7.9
8.*
8.0-alpha10
8.0-alpha11
8.0-alpha12
8.0-alpha13
8.0-alpha2
8.0-alpha3
8.0-alpha4
8.0-alpha5
8.0-alpha6
8.0-alpha7
8.0-alpha8
8.0-alpha9
8.0.0
8.0.0-alpha14
8.0.0-alpha15
8.0.0-beta1
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
8.0.0-beta16
8.0.0-beta2
8.0.0-beta3
8.0.0-beta4
8.0.0-beta5
8.0.0-beta6
8.0.0-beta7
8.0.0-beta9
8.0.0-rc1
8.0.0-rc2
8.0.0-rc3
8.0.0-rc4
8.1.0-beta1
8.7.0-alpha1
8.7.0-alpha2
8.7.0-beta1
8.7.0-beta2
8.7.0-rc1
8.7.10
8.7.13
8.7.2
8.7.3
8.7.4
8.7.6
8.7.7
8.7.8
8.7.9
8.8.0
8.8.2
8.8.3
8.8.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11023.json"

Git / github.com/jquery/jquery

Affected ranges

Type
GIT
Repo
https://github.com/jquery/jquery
Database specific
{
    "cpe": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0.3"
        },
        {
            "fixed": "3.5.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.3
1.0.4
1.1
1.1.1
1.1.2
1.1.3
1.1.3.1
1.1.3a
1.1.4
1.1a
1.1b
1.2
1.2.1
1.2.2
1.2.2b
1.2.2b2
1.2.3a
1.2.3b
1.2.4
1.2.4a
1.2.4b
1.2.5
1.3.1rc1
1.3b1
1.3b2
1.3rc1
1.4.3rc1
1.4.3rc2
1.4.4rc1
1.4.4rc2
1.4.4rc3
1.4a1
1.4a2
1.4rc1
1.5.1rc1
1.5.2rc1
1.5b1
1.5rc1
1.6.1rc1
1.6.2rc1
1.6.3rc1
1.6.4rc1
1.6b1
1.6rc1
1.7.1rc1
1.7.2b1
1.7.2rc1
1.7b1
1.7b2
1.7rc1
1.8b1
1.8b2
1.8rc1
1.9.0b1
2.*
2.0.0-beta3
2.0.0b1
2.0.0b2
2.1.0-beta1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11023.json"