CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a patched security flaw in the jQuery JavaScript library to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. The vulnerability, CVE-2020-11023, is a medium-severity cross-site scripting (XSS) bug that can lead to arbitrary code execution. Agencies are advised to remediate this flaw by February 13, 2025, to protect their networks from potential threats.

Threat Actor: Unknown
Victim: Federal Civilian Executive Branch Agencies

Key points:

  • CVE-2020-11023 is a nearly five-year-old XSS vulnerability in jQuery that can be exploited for arbitrary code execution.
  • The flaw was addressed in jQuery version 3.5.0, and a workaround involves using DOMPurify for sanitization.
  • Federal agencies are recommended to remediate the flaw by February 13, 2025, as part of ongoing cybersecurity efforts.
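
As an added example that is not part of the article or of the jQuery project's own code, the inventory check below flags jQuery versions that predate the 3.5.0 fix release named above. The host names, paths and version strings are constructed placeholders, and treating a pre-release build of 3.5.0 as unfixed is an assumption made here for a conservative result.

```javascript
// Added example, not code from the article or from the jQuery project.
// Assumptions: any jQuery version below 3.5.0 (the fix release named in the
// advisory) is treated as affected by CVE-2020-11023; pre-release builds of
// 3.5.0 are flagged conservatively. The inventory below is constructed data.
const FIX_VERSION = [3, 5, 0];

// Parse "3.4.1", "v1.12.4" or "3.5.0-rc1" into { nums: [maj, min, patch], pre }.
// Returns null when the string is not a recognisable version.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?$/.exec(String(raw).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3] || 0)], pre: Boolean(m[4]) };
}

function compareNums(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true  -> below the fix release (affected by CVE-2020-11023)
// false -> 3.5.0 or later
// null  -> version string could not be parsed; needs manual review
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const cmp = compareNums(v.nums, FIX_VERSION);
  if (cmp < 0) return true;
  if (cmp === 0 && v.pre) return true; // e.g. "3.5.0-rc1": treat as unfixed
  return false;
}

// Classify every asset in an inventory; act on "affected" and "unknown" entries.
function auditInventory(assets) {
  return assets.map((a) => {
    const hit = isAffected(a.version);
    const status = hit === null ? "unknown" : hit ? "affected" : "fixed";
    return { host: a.host, path: a.path, version: a.version, status };
  });
}

// Constructed sample inventory (host names and paths are placeholders).
const SAMPLE_INVENTORY = [
  { host: "intranet.example.test", path: "/static/jquery-1.12.4.min.js", version: "1.12.4" },
  { host: "portal.example.test", path: "/assets/jquery.js", version: "3.4.1" },
  { host: "www.example.test", path: "/js/jquery-3.5.1.min.js", version: "3.5.1" },
  { host: "legacy.example.test", path: "/js/vendor.js", version: "unknown" },
];

const report = auditInventory(SAMPLE_INVENTORY);
console.log(report.filter((r) => r.status !== "fixed"));
```

Entries reported as "unknown" deserve the same follow-up as "affected" ones, since an unversioned bundle is often a vendored copy that the upgrade to 3.5.0 never reached.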

Source: https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html