vulnerability

Oracle Linux: CVE-2020-11022: ELSA-2020-3936: ipa security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 23, 2020
Added
Oct 7, 2020
Modified
Dec 3, 2025

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.

Solutions

oracle-linux-upgrade-apache-commons-collectionsoracle-linux-upgrade-apache-commons-langoracle-linux-upgrade-apache-commons-netoracle-linux-upgrade-bea-stax-apioracle-linux-upgrade-bind-dyndb-ldaporacle-linux-upgrade-custodiaoracle-linux-upgrade-glassfish-fastinfosetoracle-linux-upgrade-glassfish-jaxb-apioracle-linux-upgrade-glassfish-jaxb-coreoracle-linux-upgrade-glassfish-jaxb-runtimeoracle-linux-upgrade-glassfish-jaxb-txw2oracle-linux-upgrade-ipa-clientoracle-linux-upgrade-ipa-client-commonoracle-linux-upgrade-ipa-client-epnoracle-linux-upgrade-ipa-client-sambaoracle-linux-upgrade-ipa-commonoracle-linux-upgrade-ipa-healthcheckoracle-linux-upgrade-ipa-healthcheck-coreoracle-linux-upgrade-ipa-python-compatoracle-linux-upgrade-ipa-selinuxoracle-linux-upgrade-ipa-serveroracle-linux-upgrade-ipa-server-commonoracle-linux-upgrade-ipa-server-dnsoracle-linux-upgrade-ipa-server-trust-adoracle-linux-upgrade-jackson-annotationsoracle-linux-upgrade-jackson-coreoracle-linux-upgrade-jackson-databindoracle-linux-upgrade-jackson-jaxrs-json-provideroracle-linux-upgrade-jackson-jaxrs-providersoracle-linux-upgrade-jackson-module-jaxb-annotationsoracle-linux-upgrade-jakarta-commons-httpclientoracle-linux-upgrade-javassistoracle-linux-upgrade-javassist-javadocoracle-linux-upgrade-jquery-uioracle-linux-upgrade-jssoracle-linux-upgrade-jss-javadocoracle-linux-upgrade-ldapjdkoracle-linux-upgrade-ldapjdk-javadocoracle-linux-upgrade-opendnssecoracle-linux-upgrade-pki-baseoracle-linux-upgrade-pki-base-javaoracle-linux-upgrade-pki-caoracle-linux-upgrade-pki-kraoracle-linux-upgrade-pki-serveroracle-linux-upgrade-pki-servlet-4-0-apioracle-linux-upgrade-pki-servlet-engineoracle-linux-upgrade-pki-symkeyoracle-linux-upgrade-pki-toolsoracle-linux-upgrade-python2-ipaclientoracle-linux-upgrade-python2-ipaliboracle-linux-upgrade-python2-ipaserveroracle-linux-upgrade-python3-custodiaoracle-linux-upgrade-python3-ipaclientoracle-linux-upgrade-python3-ipaliboracle-linux-upgrade-python3-ipaserveroracle-linux-upgrade-python3-jwcryptooracle-linux-upgrade-python3-kdcproxyoracle-linux-upgrade-python3-nssoracle-linux-upgrade-python3-pkioracle-linux-upgrade-python3-pyusboracle-linux-upgrade-python3-qrcodeoracle-linux-upgrade-python3-qrcode-coreoracle-linux-upgrade-python3-yubicooracle-linux-upgrade-python-nss-docoracle-linux-upgrade-relaxngdatatypeoracle-linux-upgrade-resteasyoracle-linux-upgrade-slapi-nisoracle-linux-upgrade-slf4joracle-linux-upgrade-slf4j-jdk14oracle-linux-upgrade-softhsmoracle-linux-upgrade-softhsm-develoracle-linux-upgrade-stax-exoracle-linux-upgrade-tomcatjssoracle-linux-upgrade-velocityoracle-linux-upgrade-xalan-j2oracle-linux-upgrade-xerces-j2oracle-linux-upgrade-xml-commons-apisoracle-linux-upgrade-xml-commons-resolveroracle-linux-upgrade-xmlstreambufferoracle-linux-upgrade-xsom

References

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.