VYPR
Medium severity 6.9 · NVD Advisory · Published Apr 29, 2020 · Updated Apr 13, 2026

CVE-2020-11022

Description

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| jquery (npm) | >= 1.12.0, < 3.5.0 | 3.5.0 |
| jquery (NuGet) | >= 1.12.0, < 3.5.0 | 3.5.0 |
| jquery-rails (RubyGems) | < 4.4.0 | 4.4.0 |
| org.webjars.npm:jquery (Maven) | >= 1.12.0, < 3.5.0 | 3.5.0 |
| maximebf/debugbar (Packagist) | < 1.19.0 | 1.19.0 |
| athlon1600/youtube-downloader (Packagist) | <= 4.0.0 | |
| components/jquery (Packagist) | >= 1.12.0, < 3.5.0 | 3.5.0 |

Affected products

236

References

73