Moderate severity · CISA KEV · NVD Advisory · Published Apr 29, 2020 · Updated Oct 21, 2025

Potential XSS vulnerability in jQuery

CVE-2020-11023

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| jquery (npm) | >= 1.0.3, < 3.5.0 | 3.5.0 |
| jquery-rails (RubyGems) | < 4.4.0 | 4.4.0 |
| jQuery (NuGet) | >= 1.0.3, < 3.5.0 | 3.5.0 |
| org.webjars.npm:jquery (Maven) | >= 1.0.3, < 3.5.0 | 3.5.0 |
| components/jquery (Packagist) | >= 1.0.3, < 3.5.0 | 3.5.0 |
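
The affected ranges listed above can be checked mechanically. The following Node.js script is an added example, not part of the advisory or the jQuery project: it classifies a package version against those ranges and scans the "packages" map of an npm lockfile, including nested copies. The sample lockfile and the package name legacy-widget are constructed for illustration.

```javascript
// Affected ranges copied from the advisory table: min inclusive, fixed exclusive.
const AFFECTED = {
  "npm:jquery": { min: "1.0.3", fixed: "3.5.0" },
  "rubygems:jquery-rails": { min: null, fixed: "4.4.0" },
  "nuget:jQuery": { min: "1.0.3", fixed: "3.5.0" },
  "maven:org.webjars.npm:jquery": { min: "1.0.3", fixed: "3.5.0" },
  "packagist:components/jquery": { min: "1.0.3", fixed: "3.5.0" },
};
// Parse "3.4.1", "v3.4.1" or "3.5.0-rc.1"; returns null for anything else.
function parseVersion(v) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(-[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [m[1], m[2] || 0, m[3] || 0].map(Number), pre: Boolean(m[4]) };
}

// Negative when a < b. A prerelease sorts before its release (3.5.0-rc.1 < 3.5.0).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  return Number(b.pre) - Number(a.pre);
}

// Returns "affected", "ok", or "unknown" (listed package, unparseable version).
function classify(ecosystem, name, version) {
  const range = AFFECTED[`${ecosystem}:${name}`];
  if (!range) return "ok";
  const v = parseVersion(version);
  if (!v) return "unknown";
  if (range.min && compareVersions(v, parseVersion(range.min)) < 0) return "ok";
  return compareVersions(v, parseVersion(range.fixed)) < 0 ? "affected" : "ok";
}

// Walk an npm lockfile's "packages" map (lockfileVersion 2 or 3), nested copies included.
function scanNpmLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const status = classify("npm", path.split("node_modules/").pop(), meta.version);
    if (status !== "ok") findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample lockfile; "legacy-widget" is a hypothetical package.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/jquery": { version: "3.5.0" },
  "node_modules/legacy-widget/node_modules/jquery": { version: "1.12.4" },
} };
console.log(scanNpmLock(SAMPLE_LOCK));
```

A top-level jquery at 3.5.0 does not clear a project on its own: the scan reports the nested 1.12.4 copy pulled in by another dependency. Entries classified "unknown" need manual review rather than being treated as safe.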
