What is the vulnerability ID for this cross-site scripting vulnerability?

The vulnerability ID for this cross-site scripting vulnerability is CVE-2020-23064.

What is the severity level of CVE-2020-23064?

The severity level of CVE-2020-23064 is medium.

Which versions of jQuery are affected by CVE-2020-23064?

Versions 2.2.0 through 3.x before 3.5.0 of jQuery are affected by CVE-2020-23064.

How can a remote attacker exploit CVE-2020-23064?

A remote attacker can exploit CVE-2020-23064 by executing arbitrary code via the <options> element.

Are there any references available for CVE-2020-23064?

Yes, there are references available for CVE-2020-23064. You can find them at the following links: [Link 1](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/), [Link 2](https://security.netapp.com/advisory/ntap-20230725-0003/), and [Link 3](https://snyk.io/vuln/SNYK-JS-JQUERY-565129).

Vulnerability/
CVE-2020-23064

medium

6.1

CWE

26/6/2023

15/5/2024

28/5/2024

CVE-2020-23064: XSS

First published: Mon Jun 26 2023(Updated: )

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of [GHSA-jpcq-cgw6-v4j6](https://github.com/advisories/GHSA-jpcq-cgw6-v4j6). This link is maintained to preserve external references. ## Original Description Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the `<options>` element.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Jquery Jquery	>=2.2.0<3.5.0
maven/org.webjars.npm:jquery	>=1.0.3<3.5.0	3.5.0
npm/jquery	>=1.0.3<3.5.0	3.5.0
rubygems/jquery-rails	<4.4.0	4.4.0
nuget/jQuery	>=1.0.3<3.5.0	3.5.0
IBM IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data	<=v3.5 through refresh 10v4.0 through refresh 9v4.5 through refresh 3v4.6 through refresh 6v4.7 through refresh 4v4.8 through refresh 4

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7155078

Frequently Asked Questions

What is the vulnerability ID for this cross-site scripting vulnerability?
The vulnerability ID for this cross-site scripting vulnerability is CVE-2020-23064.
What is the severity level of CVE-2020-23064?
The severity level of CVE-2020-23064 is medium.
Which versions of jQuery are affected by CVE-2020-23064?
Versions 2.2.0 through 3.x before 3.5.0 of jQuery are affected by CVE-2020-23064.
How can a remote attacker exploit CVE-2020-23064?
A remote attacker can exploit CVE-2020-23064 by executing arbitrary code via the <options> element.
Are there any references available for CVE-2020-23064?
Yes, there are references available for CVE-2020-23064. You can find them at the following links: [Link 1](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/), [Link 2](https://security.netapp.com/advisory/ntap-20230725-0003/), and [Link 3](https://snyk.io/vuln/SNYK-JS-JQUERY-565129).

collector/nvd-index
agent/type
agent/weakness
agent/author
collector/the-register
source/The Register
alias/CVE-2020-23064
collector/mitre-cve
source/MITRE
agent/status
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-257q-pv89-v3xv
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/event
collector/nvd-api
collector/github-advisory
agent/severity
agent/references
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
collector/ibm-support
source/IBM
agent/software-canonical-lookup-request
vendor/jquery
canonical/jquery jquery
version/jquery jquery/2.2.0
status/rejected
package-manager/maven
package-manager/npm
package-manager/rubygems
package-manager/nuget
vendor/ibm
canonical/ibm ibm® db2® on cloud pak for data and db2 warehouse on cloud pak for data
version/ibm ibm® db2® on cloud pak for data and db2 warehouse on cloud pak for data/v3.5 through refresh 10v4.0 through refresh 9v4.5 through refresh 3v4.6 through refresh 6v4.7 through refresh 4v4.8 through refresh 4