Description
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
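A check for the affected range stated above (>= 1.2 and < 3.5.0), as an added example that is not part of the original advisory or of jQuery itself. The function names and the inventory entries are hypothetical, and treating a 3.5.0 pre-release as affected is a conservative assumption.

```javascript
// Parse a jQuery version string such as the value of jQuery.fn.jquery.
// Slim/custom builds append a module list after a space ("3.4.1 -ajax,..."),
// and pre-releases append a "-tag" directly after the number.
function parseJQueryVersion(raw) {
  const m = /^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?/.exec(String(raw));
  if (!m) return null;
  return {
    major: Number(m[1]),
    minor: Number(m[2]),
    patch: Number(m[3] || 0),
    prerelease: m[4] || null,
  };
}

// Numeric comparison, so that 1.12.x sorts after 1.2.x (a string compare would not).
function compareTriple(v, major, minor, patch) {
  return (v.major - major) || (v.minor - minor) || (v.patch - patch);
}

// true = inside the affected range, false = outside, null = could not parse.
function isAffected(raw) {
  const v = parseJQueryVersion(raw);
  if (!v) return null; // unknown version: needs manual review
  if (compareTriple(v, 1, 2, 0) < 0) return false; // older than 1.2
  const c = compareTriple(v, 3, 5, 0);
  // Assumption: a pre-release of 3.5.0 sorts before 3.5.0, so report it as affected.
  return c < 0 || (c === 0 && v.prerelease !== null);
}

// Classify every entry of an inventory of { page, version } records.
function audit(inventory) {
  return inventory.map(({ page, version }) => ({ page, version, affected: isAffected(version) }));
}

// Constructed inventory for illustration only.
const sampleInventory = [
  { page: "/legacy/report.html", version: "1.12.4" },
  { page: "/shop/cart.html", version: "3.4.1 -ajax,-ajax/jsonp,-effects" },
  { page: "/index.html", version: "3.5.0" },
  { page: "/beta/index.html", version: "3.5.0-rc.1" },
  { page: "/vendor/unknown.js", version: "custom-build" },
];

const findings = audit(sampleInventory).filter((r) => r.affected !== false);
console.log(findings);
```

In a browser console the input is `jQuery.fn.jquery`; entries reported as null need a manual look at the bundled file.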
Remediation
References