CVE-2020-9440: XSS
First published: Tue Mar 10 2020(Updated: )
jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML() function. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ckeditor Ckeditor | =4.0 | |
| Webspellchecker Webspellchecker | <=5.5.7.5 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/177487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/180875
- https://www.ibm.com/support/pages/node/6520510 (Advisory)
- https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
Frequently Asked Questions
What is CVE-2020-9440?
CVE-2020-9440 is a vulnerability in jQuery that allows for cross-site scripting attacks.
How does CVE-2020-9440 work?
CVE-2020-9440 occurs due to improper validation of user-supplied input by the HTML() function in jQuery, which can be exploited by a remote attacker to execute scripts in a victim's browser within the context of the hosting website.
What is the severity level of CVE-2020-9440?
CVE-2020-9440 has a severity level of medium, with a CVSS score of 6.1.
How can I fix the vulnerability CVE-2020-9440?
To fix the vulnerability CVE-2020-9440, it is recommended to update to a patched version of jQuery that addresses the issue.
Where can I find more information about CVE-2020-9440?
You can find more information about CVE-2020-9440 on the IBM X-Force Exchange website at the following links: [CVE-2020-9440](https://exchange.xforce.ibmcloud.com/vulnerabilities/177487) and [CVE-2020-9440](https://exchange.xforce.ibmcloud.com/vulnerabilities/180875).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/ibm-support
- collector/nvd-index
- vendor/ckeditor
- canonical/ckeditor ckeditor
- version/ckeditor ckeditor/4.0
- vendor/webspellchecker
- canonical/webspellchecker webspellchecker
- version/webspellchecker webspellchecker/5.5.7.5
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32