PT-2020-6938 · jQuery · jQuery

Published: 2020-04-10 · Updated: 2025-09-29 · CVE-2020-23064

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: jQuery versions 2.2.0 through 3.5.0

Description: The issue is a cross-site scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code via the <option> element. Passing HTML containing <option> elements from untrusted sources to one of jQuery's DOM manipulation methods, such as .html() or .append(), may execute untrusted code.

Recommendations: To resolve the issue, update to jQuery 3.5.0 or later. As a temporary workaround, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALSA-2025_1210
ALSA-2025_1215
ALSA-2025_1300
ALSA-2025_1301
ALSA-2025_1306
ALSA-2025_1309
ALSA-2025_1314
ALSA-2025_1329
ALSA-2025_1338
ALSA-2025_1346
ALSA-2025_16880
BDU:2023-07697
CVE-2020-23064
GHSA-257Q-PV89-V3XV
GHSA-JPCQ-CGW6-V4J6
OESA-2023-1446
OESA-2023-1447

Affected Products

jQuery