OpenSUSE Linux update for cacti, cacti-spine

Published: 2020-07-26


Severity: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE ID: CVE-2020-11022, CVE-2020-11023, CVE-2020-13625, CVE-2020-14295
CWE ID: CWE-79, CWE-20, CWE-89
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software: Opensuse (Operating systems & Components / Operating system)
Vendor: Novell

Security Advisory



1) Cross-site scripting


Severity: Low


CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]


CVE-ID: CVE-2020-11022


CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


Exploit availability: Yes


Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.


The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to an application that handles it with .html(), .append() or similar methods and execute arbitrary JavaScript code in the user's browser in the context of the vulnerable website.


Successful exploitation of this ..
