CVE-2020-11023 — JQuery Cross-Site Scripting (XSS) Vulnerability

2025-01-23 • CISA Known Exploited Vulnerability

[event] JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.

> AFFECTED SOFTWARE

Field	Value
Vendor	JQuery
Product	JQuery
CWE	CWE-79
CVE ID	CVE-2020-11023
Date Added	2025-01-23
Due Date	2025-02-13
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-02-13

> REFERENCES

[1] https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
[2] https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-11023