https://notcve.org/view.php?id=CVE-2020-11023
29 Apr 2020 — In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. En jQuery versiones mayores o iguales a 1.0.3 y anteriores a la versión 3.5.0, passing HTML contiene elementos de fuentes no seguras – incluso después de sanearlo – para uno de los métodos de manipul... • https://packetstorm.news/files/id/162160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 9.8EPSS: 9%CPEs: 81EXPL: 8