Vulnerability Details : CVE-2020-23064
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
Vulnerability category: Cross site scripting (XSS), Execute code
Products affected by CVE-2020-23064
- cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
- cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:virtual_desktop_service:-:*:*:*:*:*:*:*
Threat overview for CVE-2020-23064
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2020-23064: 268,924
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-23064
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~15% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-23064
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2020-23064
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-23064
- https://security.netapp.com/advisory/ntap-20230725-0003/
  CVE-2020-23064 jQuery Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
  jQuery 3.5.0 Released! | Official jQuery Blog (Release Notes)
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
  Cross-site Scripting (XSS) in jquery | CVE-2020-11023 | Snyk (Third Party Advisory)