CVE-2020-11023 in BI Publisherinfo

Summary

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

GitHub, Inc.

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
242738Oracle BI Publisher Mobile Service cross site scripting79AttackedOfficial fixCVE-2020-11023
204406Oracle Business Intelligence Enterprise Edition Service Administration UI cross site scripting79AttackedOfficial fixCVE-2020-11023
190988Oracle WebLogic Server Sample apps cross site scripting79AttackedOfficial fixCVE-2020-11023
184868Oracle Health Sciences InForm jQuery cross site scripting79AttackedOfficial fixCVE-2020-11023
179246Oracle OSS Support Tools jQuery cross site scripting79AttackedOfficial fixCVE-2020-11023
173331Oracle Database Oracle Application Express cross site scripting79AttackedOfficial fixCVE-2020-11023
163002Oracle REST Data Services jQuery cross site scripting79AttackedOfficial fixCVE-2020-11023
162985Oracle Database Server ORDS cross site scripting79AttackedOfficial fixCVE-2020-11023
162984Oracle Database Server Application Express cross site scripting79AttackedOfficial fixCVE-2020-11023
154588jQuery html cross site scripting79AttackedOfficial fixCVE-2020-11023

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!