vulnerability

F5: CVE-2020-11023: K66544153: jQuery vulnerability CVE-2020-11023

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Aug 3, 2020

Added

Jun 17, 2026

Modified

Jun 17, 2026

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Solution

f5-bigip-upgrade-latest

References

CVE-2020-11023
https://attackerkb.com/topics/CVE-2020-11023
https://my.f5.com/manage/s/article/K66544153
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-0387
CWE-79
EUVD-EUVD-2020-0387

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report