First published: Mon Jun 26 2023(Updated: )
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of [GHSA-jpcq-cgw6-v4j6](https://github.com/advisories/GHSA-jpcq-cgw6-v4j6). This link is maintained to preserve external references. ## Original Description Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the `<options>` element.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jquery Jquery | >=2.2.0<3.5.0 | |
maven/org.webjars.npm:jquery | >=1.0.3<3.5.0 | 3.5.0 |
npm/jquery | >=1.0.3<3.5.0 | 3.5.0 |
rubygems/jquery-rails | <4.4.0 | 4.4.0 |
nuget/jQuery | >=1.0.3<3.5.0 | 3.5.0 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this cross-site scripting vulnerability is CVE-2020-23064.
The severity level of CVE-2020-23064 is medium.
Versions 2.2.0 through 3.x before 3.5.0 of jQuery are affected by CVE-2020-23064.
A remote attacker can exploit CVE-2020-23064 by executing arbitrary code via the <options> element.
Yes, there are references available for CVE-2020-23064. You can find them at the following links: [Link 1](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/), [Link 2](https://security.netapp.com/advisory/ntap-20230725-0003/), and [Link 3](https://snyk.io/vuln/SNYK-JS-JQUERY-565129).