CVE-2020-23064

{"id": "CVE-2020-23064", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-06-26T19:15:09.450", "references": [{"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20230725-0003/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://snyk.io/vuln/SNYK-JS-JQUERY-565129", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element."}], "lastModified": "2024-04-01T15:43:36.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BE6EB8F-B9E9-4B1C-B74E-E577348632E2", "versionEndExcluding": "3.5.0", "versionStartIncluding": "2.2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"}, {"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120"}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB"}, {"criteria": "cpe:2.3:a:netapp:virtual_desktop_service:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E92E0F6-336C-4321-9471-08E93616D247"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}