First published: Tue Mar 10 2020
jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML() function. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ckeditor Ckeditor | =4.0 | |
Webspellchecker Webspellchecker | <=5.5.7.5 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
CVE-2020-9440 is a vulnerability in jQuery that allows for cross-site scripting attacks.
CVE-2020-9440 occurs due to improper validation of user-supplied input by the HTML() function in jQuery, which can be exploited by a remote attacker to execute scripts in a victim's browser within the context of the hosting website.
CVE-2020-9440 has a severity level of medium, with a CVSS score of 6.1.
To fix CVE-2020-9440, update to a patched version of jQuery that addresses the issue.
You can find more information about CVE-2020-9440 on the IBM X-Force Exchange website at the following links: [CVE-2020-9440](https://exchange.xforce.ibmcloud.com/vulnerabilities/177487) and [CVE-2020-9440](https://exchange.xforce.ibmcloud.com/vulnerabilities/180875).