Details of VAR-202004-2199

ID

VAR-202004-2199

CVE

CVE-2020-11023

TITLE

jQuery Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005056

DESCRIPTION

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. For the oldstable distribution (stretch), these problems have been fixed in version 7.52-2+deb9u10. We recommend that you upgrade your drupal7 packages. For the detailed security status of drupal7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/drupal7 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7NhRgACgkQEMKTtsN8 TjZELQ//ao+AlYru8sTlC4Axs1r3QfXyq/FFn55C2faDkZonWP3+S4O5GjJaDwcH q9J1OBhvlkTsRkP55qGplUi9pLxs8OTdnJD5VnRXsvijVEhhZ5DOYnLJcLQ5Ggq5 Io8ImGbrGY64qItxmEXUyFfI0YrJ/s1aagUBodORaF6yeJ6DwqIxRVRBS4A3UD61 AH0u/cw69y7WHf1FLpPYAWZSZ0lzkPFxUbi8DlYzwPZApQfhOFCYoWjdziUbxZUU yZH8M0CORFG2ron8K+sbgKPpepRc6u55OxYU1WxzejJSfKKnGhhaNBrztbgomtIB pLQ+BSB2tD5iOR/QcdXgmhhTrApUSiR6dF2iPwXt1Bo2+1l2ChEVYfi1q1ggTx5O e6xulfy+3xSPI4afi4gL1KTHJkg9OZnU1pST3kSxBp/gp+/I473EYqwzhlB14msU SqNy5kId+GsYzMsvcufbOEsqR2ffAGDz9RNPF7NkfphvAT9YyaXq0kgmnxtMiac1 Um1/7oDh4dZBTzFNnvWRYWQcydgfDvEzW1TQdCd2hp8YTXjhCFNeJrxQx0O9eLxv jcWC+z0rfQeiUAk7VtqeoCDRS6deVxm1TfXXcV0vgyKGQh5/FBVo9V2L9ag/8phO 0l0TPROG766wZDooBFXNWerf85AT5zCIFopeZopPyuQNIjJA2UU= =yOQd -----END PGP SIGNATURE----- . Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update Advisory ID: RHSA-2023:0553-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:0553 Issue date: 2023-01-31 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2017-18214 CVE-2018-14040 CVE-2018-14041 CVE-2018-14042 CVE-2019-8331 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2022-3143 CVE-2022-40149 CVE-2022-40150 CVE-2022-40152 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46364 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.4 for RHEL 8 - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * nodejs-moment: Regular expression denial of service (CVE-2017-18214) * wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods 2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.4 for RHEL 8: Source: eap7-apache-sshd-2.9.2-1.redhat_00001.1.el8eap.src.rpm eap7-elytron-web-1.9.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.3.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-search-5.10.13-3.Final_redhat_00001.1.el8eap.src.rpm eap7-ironjacamar-1.5.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jackson-annotations-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-core-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-databind-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-jaxrs-providers-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el8eap.src.rpm eap7-javaee-security-soteria-1.0.1-3.redhat_00003.1.el8eap.src.rpm eap7-jboss-ejb-client-4.0.49-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el8eap.src.rpm eap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-remoting-5.0.27-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el8eap.src.rpm eap7-jettison-1.5.2-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.22-1.SP3_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.9-4.GA_redhat_00003.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-woodstox-core-6.4.0-1.redhat_00001.1.el8eap.src.rpm noarch: eap7-apache-sshd-2.9.2-1.redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.3.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-backend-jgroups-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-backend-jms-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-engine-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-orm-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-search-serialization-avro-5.10.13-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-api-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-impl-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-common-spi-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-api-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-core-impl-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-deployers-common-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-jdbc-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ironjacamar-validator-1.5.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jackson-annotations-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-core-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-databind-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-datatype-jdk8-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-datatype-jsr310-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-jaxrs-base-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-modules-base-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-jackson-modules-java8-2.12.7-1.redhat_00003.1.el8eap.noarch.rpm eap7-javaee-security-soteria-1.0.1-3.redhat_00003.1.el8eap.noarch.rpm eap7-javaee-security-soteria-enterprise-1.0.1-3.redhat_00003.1.el8eap.noarch.rpm eap7-jboss-ejb-client-4.0.49-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-6.SP07_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-jsp-api_2.3_spec-2.0.0-3.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-remoting-5.0.27-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-24.Final_redhat_00023.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-24.Final_redhat_00023.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-24.Final_redhat_00023.1.el8eap.noarch.rpm eap7-jettison-1.5.2-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.22-1.SP3_redhat_00001.1.el8eap.noarch.rpm eap7-undertow-server-1.9.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.9-4.GA_redhat_00003.1.el8eap.noarch.rpm eap7-woodstox-core-6.4.0-1.redhat_00001.1.el8eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2017-18214 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14041 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2022-3143 https://access.redhat.com/security/cve/CVE-2022-40149 https://access.redhat.com/security/cve/CVE-2022-40150 https://access.redhat.com/security/cve/CVE-2022-40152 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-45047 https://access.redhat.com/security/cve/CVE-2022-45693 https://access.redhat.com/security/cve/CVE-2022-46364 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY9lDHtzjgjWX9erEAQhkgw/9ErQe5kAdnHoGisF2rHzfWS5NoLmISZwP fy6ZPNQtLvT3WDJIdZ+/8vgjxvE7AIsA4wgZNpwAEdpICwvMv44MOqOd0xEv1vx3 YJPkkjHZwLLP6II2KT61djQoQZMgrtRaJC/zI7QaQaG2PMoz1bOvGLRuF23QIOI3 pw3cxw/Fe0QKSi1ejYcm4HoFu00SkreFB6gFwZGPCYCnx6ZeO/tTtqeqPbQfl4Iv inq6c3JCzQr9RY6Phj3LMWMUb9+0POZDr8CqHFZKvpcy6Ue7gyeOOalqff5Esk3h BPfI9KoYgE/vb9CqoOq6R4HS9Hl1XaY6hSFJxTmtXiWIatLh4wCMPn0Qc5EbFCpc rextHQXuNY0zS8ahZBgbBBgnTcDSvE3knsm75zUtXZArforumjlPWaGCkSbUbWil rHXQV4QCTSw7PJtrQI3W0jBAhXzKdWs9KvrJmqho1PEvfblCyGkGQJL3B81tFsw1 75uyRIw1953wVH08EqYX5pbEOly/pCGKgG3D/kLOffN0AGjSyrxx7OQTeb39SmP2 wp8H5DmfkC3n9apNsJKoaj2siUo3p8NYptN1sgDCnFxqnsxWTBiekAuasri42x97 QvGZv27zlf4LhuFkCzRrSMGszrdtr/+P/6JOy5hi+JKo7SuKcvDHI0IcImWq0HBi Wb9PIkTxF9A= =bqBh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/): 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1790759 - CVE-2020-1694 keycloak: verify-token-audience support is missing in the NodeJS adapter 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1836786 - CVE-2020-10748 keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 5. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation

Trust: 2.43

sources: NVD: CVE-2020-11023 // JVNDB: JVNDB-2020-005056 // VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // PACKETSTORM: 168835 // PACKETSTORM: 171212 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158282 // PACKETSTORM: 158797

AFFECTED PRODUCTS

vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12.7	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	financial services revenue management and billing analytics	scope:	eq	version:	2.8	Trust: 1.0
vendor:	oracle	model:	hyperion financial reporting	scope:	eq	version:	11.1.2.4	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone orchestrator	scope:	lt	version:	9.2.5.0	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	11.2.0.4	Trust: 1.0
vendor:	oracle	model:	financial services revenue management and billing analytics	scope:	eq	version:	2.7	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	lte	version:	4.3	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	16.2	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	7.0	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking enterprise collections	scope:	lte	version:	2.8.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	19.12.4	Trust: 1.0
vendor:	oracle	model:	siebel mobile	scope:	lte	version:	20.12	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.7.14	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	lte	version:	3.1.3	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	oracle	model:	jd edwards enterpriseone tools	scope:	lt	version:	9.2.5.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.10.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	gte	version:	3.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	gte	version:	1.0.3	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise human capital management resources	scope:	eq	version:	9.2	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	12.2.0.1	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	gte	version:	6.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	7.70	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	19c	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.4.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	16.2.11	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	lt	version:	3.5.0	Trust: 1.0
vendor:	oracle	model:	oss support tools	scope:	lt	version:	2.12.41	Trust: 1.0
vendor:	netapp	model:	cloud insights storage workload security agent	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	log correlation engine	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for de nederlandsche bank	scope:	eq	version:	8.0.4	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	18c	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	eq	version:	12.1.0.2	Trust: 1.0
vendor:	oracle	model:	business intelligence	scope:	eq	version:	5.9.0.0.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	health sciences inform	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	healthcare translational research	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.12.0	Trust: 1.0
vendor:	oracle	model:	webcenter sites	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	storagetek tape analytics sw tool	scope:	eq	version:	2.3.1	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	netapp	model:	snapcenter server	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.8.6	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	eq	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	gte	version:	4.1	Trust: 1.0
vendor:	oracle	model:	banking enterprise collections	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	netapp	model:	max data	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	18.8.9	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	application express	scope:	lt	version:	20.2	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications interactive session recorder	scope:	lte	version:	6.4	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center common services	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11023
value:	MEDIUM
Trust: 1.0
security-advisories@github.com:	CVE-2020-11023
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-11023
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-2420
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-163560
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-11023
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11023
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-163560
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11023
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security-advisories@github.com:	CVE-2020-11023
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11023
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // CNNVD: CNNVD-202004-2420 // JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023 // NVD: CVE-2020-11023

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-163560 // JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2420

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 168835 // CNNVD: CNNVD-202004-2420

PATCH

title:	hitachi-sec-2020-130 Software product security information	url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Trust: 0.8
title:	jQuery Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=178501	Trust: 0.6
title:	Red Hat: Moderate: python-XStatic-jQuery224 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205412 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4693-1 drupal7 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Service Mesh security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203369 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1626	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1626	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory	Trust: 0.1
title:	HP: HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03688	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22fc4d0a2671b6a2b6b740928ccb3e85	Trust: 0.1
title:	Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10	Trust: 0.1
title:	IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=06c81cfb59e5c7353b49e490f4b9142c	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130	Trust: 0.1
title:	IBM: Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8c22e5a481443cacfeb30c0ca6b1c6be	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566	Trust: 0.1
title:	IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1abb4a91c60a38765126584f92f9afd0	Trust: 0.1
title:	IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=157eb1e30eb92554b7b6df9a1809e974	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351	Trust: 0.1
title:	CVE-2020-11023 POC Dom XSS	url:	https://github.com/Cybernegro/CVE-2020-11023	Trust: 0.1
title:	Hacky-Holidays-2020-Writeups	url:	https://github.com/goelp14/Hacky-Holidays-2020-Writeups	Trust: 0.1
title:	https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCES	url:	https://github.com/korestreet/https-nj.gov---CVE-2020-11023	Trust: 0.1
title:	https-nj.gov---CVE-2020-11023 RECOMMENDATION REFERENCES	url:	https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023	Trust: 0.1
title:	CVE Sandbox :: jQuery	url:	https://github.com/cve-sandbox/jquery	Trust: 0.1
title:	JS_Encoder	url:	https://github.com/AssassinUKG/JS_Encoder	Trust: 0.1
title:	CVE-2020-11022 CVE-2020-11023	url:	https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023	Trust: 0.1
title:	https://github.com/DanielRuf/snyk-js-jquery-565129	url:	https://github.com/DanielRuf/snyk-js-jquery-565129	Trust: 0.1
title:	100DaysofLearning Daily Checklist - ✅	url:	https://github.com/arijitdirghanji/100DaysofLearning	Trust: 0.1
title:	XSSPlayground What is XSS?	url:	https://github.com/AssassinUKG/XSSPlayground	Trust: 0.1
title:	jQuery XSS	url:	https://github.com/EmptyHeart5292/jQuery-XSS	Trust: 0.1
title:	Strings_Attached User Experience Development Process Testing Bugs Libraries and Programs Used Deployment Credits Acknowledgements	url:	https://github.com/johnrearden/strings_attached	Trust: 0.1
title:	jQuery — New Wave JavaScript	url:	https://github.com/spurreiter/jquery	Trust: 0.1
title:	Case Study	url:	https://github.com/faizhaffizudin/Case-Study-Hamsa	Trust: 0.1
title:	Retire HTML Parser	url:	https://github.com/marksowell/retire-html-parser	Trust: 0.1
title:	https://github.com/octane23/CASE-STUDY-1	url:	https://github.com/octane23/CASE-STUDY-1	Trust: 0.1
title:	Vulnerability	url:	https://github.com/tzwlhack/Vulnerability	Trust: 0.1
title:	欢迎关注阿尔法实验室微信公众号	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1

sources: VULMON: CVE-2020-11023 // CNNVD: CNNVD-202004-2420 // JVNDB: JVNDB-2020-005056

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11023	Trust: 4.1
db:	PACKETSTORM	id:	162160	Trust: 1.8
db:	TENABLE	id:	TNS-2021-02	Trust: 1.8
db:	TENABLE	id:	TNS-2021-10	Trust: 1.8
db:	ICS CERT	id:	ICSA-22-097-01	Trust: 1.4
db:	ICS CERT	id:	ICSA-22-055-02	Trust: 0.9
db:	PACKETSTORM	id:	170823	Trust: 0.8
db:	PACKETSTORM	id:	161727	Trust: 0.8
db:	PACKETSTORM	id:	158797	Trust: 0.8
db:	PACKETSTORM	id:	160548	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-306-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-25-203-05	Trust: 0.8
db:	JVN	id:	JVNVU94847990	Trust: 0.8
db:	JVN	id:	JVNVU99891704	Trust: 0.8
db:	JVN	id:	JVNVU94912830	Trust: 0.8
db:	JVN	id:	JVNVU99394498	Trust: 0.8
db:	CERT@VDE	id:	VDE-2021-027	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005056	Trust: 0.8
db:	PACKETSTORM	id:	162651	Trust: 0.7
db:	PACKETSTORM	id:	159852	Trust: 0.7
db:	PACKETSTORM	id:	160274	Trust: 0.7
db:	PACKETSTORM	id:	170821	Trust: 0.7
db:	PACKETSTORM	id:	159275	Trust: 0.7
db:	PACKETSTORM	id:	161830	Trust: 0.7
db:	PACKETSTORM	id:	168304	Trust: 0.7
db:	PACKETSTORM	id:	164887	Trust: 0.7
db:	PACKETSTORM	id:	158750	Trust: 0.7
db:	PACKETSTORM	id:	159513	Trust: 0.7
db:	PACKETSTORM	id:	158555	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-2420	Trust: 0.7
db:	PACKETSTORM	id:	158282	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2694	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0620	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3823	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4248	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2714	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3700	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1351	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2775	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1066	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1916	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3663	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0909	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1961	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0583	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1653	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.0585	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1863	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1519	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0824	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2375	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3255	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0923	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1703	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5150	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2525	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1804	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3875	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1512	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2660.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4421	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2287	Trust: 0.6
db:	PACKETSTORM	id:	158406	Trust: 0.6
db:	NSFOCUS	id:	48902	Trust: 0.6
db:	LENOVO	id:	LEN-60182	Trust: 0.6
db:	EXPLOIT-DB	id:	49767	Trust: 0.6
db:	CS-HELP	id:	SB2021110301	Trust: 0.6
db:	CS-HELP	id:	SB2022012403	Trust: 0.6
db:	CS-HELP	id:	SB2022022516	Trust: 0.6
db:	CS-HELP	id:	SB2021072824	Trust: 0.6
db:	CS-HELP	id:	SB2021052207	Trust: 0.6
db:	CS-HELP	id:	SB2022072027	Trust: 0.6
db:	CS-HELP	id:	SB2022011837	Trust: 0.6
db:	CS-HELP	id:	SB2021042101	Trust: 0.6
db:	PACKETSTORM	id:	171212	Trust: 0.2
db:	PACKETSTORM	id:	171213	Trust: 0.1
db:	PACKETSTORM	id:	171214	Trust: 0.1
db:	PACKETSTORM	id:	170819	Trust: 0.1
db:	PACKETSTORM	id:	170817	Trust: 0.1
db:	VULHUB	id:	VHN-163560	Trust: 0.1
db:	VULMON	id:	CVE-2020-11023	Trust: 0.1
db:	PACKETSTORM	id:	168835	Trust: 0.1

sources: VULHUB: VHN-163560 // VULMON: CVE-2020-11023 // PACKETSTORM: 168835 // PACKETSTORM: 171212 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158282 // PACKETSTORM: 158797 // CNNVD: CNNVD-202004-2420 // JVNDB: JVNDB-2020-005056 // NVD: CVE-2020-11023

REFERENCES

url:	http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 2.1
url:	https://www.debian.org/security/2020/dsa-4693	Trust: 1.9
url:	https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200511-0006/	Trust: 1.8
url:	https://www.drupal.org/sa-core-2020-002	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-02	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-10	Trust: 1.8
url:	https://security.gentoo.org/glsa/202007-03	Trust: 1.8
url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released	Trust: 1.8
url:	https://jquery.com/upgrade-guide/3.5/	Trust: 1.8
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 1.1
url:	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 1.1
url:	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-11023	Trust: 1.0
url:	https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/ghsa-jpcq-cgw6-v4j6/ghsa-jpcq-cgw6-v4j6.json#l20-l37	Trust: 1.0
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu99394498/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu94912830/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94847990/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99891704/index.html	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-05	Trust: 0.8
url:	https://cert.vde.com/en/advisories/vde-2021-027/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110301	Trust: 0.6
url:	https://packetstormsecurity.com/files/159513/red-hat-security-advisory-2020-4211-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4248/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011837	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3823	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2287/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158797/red-hat-security-advisory-2020-3369-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161830/red-hat-security-advisory-2021-0860-01.html	Trust: 0.6
url:	https://www.exploit-db.com/exploits/49767	Trust: 0.6
url:	https://packetstormsecurity.com/files/162651/red-hat-security-advisory-2021-1846-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3875/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520510	Trust: 0.6
url:	https://packetstormsecurity.com/files/158555/gentoo-linux-security-advisory-202007-03.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-by-ibm-qradar-network-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1653	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0923	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2694/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2375/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2775/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1066	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5150	Trust: 0.6
url:	https://packetstormsecurity.com/files/168304/red-hat-security-advisory-2022-6393-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1804/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160274/red-hat-security-advisory-2020-5249-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0824	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-package-with-known-vulnerabilities-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042101	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1961/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1512	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48902	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-60182	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022516	Trust: 0.6
url:	https://packetstormsecurity.com/files/158750/red-hat-security-advisory-2020-3247-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-jquery-as-used-in-ibm-security-qradar-packet-capture-is-vulnerable-to-cross-site-scripting-xss-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1703	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2714/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://packetstormsecurity.com/files/158406/red-hat-security-advisory-2020-2412-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://packetstormsecurity.com/files/160548/red-hat-security-advisory-2020-5412-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660.3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1863/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3700/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1916	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1519	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072027	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0909	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052207	Trust: 0.6
url:	https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0585	Trust: 0.6
url:	https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2525	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2660/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4421/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0620	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1351	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0583	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012403	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072824	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3663	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3255/	Trust: 0.6
url:	https://packetstormsecurity.com/files/164887/red-hat-security-advisory-2021-4142-02.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3485/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14042	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14040	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-40150	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-40149	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-45047	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-46364	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-42004	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-45693	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-42003	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14042	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-14040	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11358	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-11358	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/cybernegro/cve-2020-11023	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/drupal7	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1471	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1438	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3916	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25857	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46175	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-0091	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3782	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2764	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-4137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46363	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1471	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-0264	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1274	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-37603	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-38749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1043	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25857	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1274	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3143	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0553	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40150	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-10735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10735	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-40152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14041	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8331	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-18214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8331	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3143	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5412	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=core.service.rhsso&version=7.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12666	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3369	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12666	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 171212 // PACKETSTORM: 170823 // PACKETSTORM: 161727 // PACKETSTORM: 160548 // PACKETSTORM: 158282 // PACKETSTORM: 158797 // CNNVD: CNNVD-202004-2420

SOURCES

db:	VULHUB	id:	VHN-163560
db:	VULMON	id:	CVE-2020-11023
db:	PACKETSTORM	id:	168835
db:	PACKETSTORM	id:	171212
db:	PACKETSTORM	id:	170823
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	160548
db:	PACKETSTORM	id:	158282
db:	PACKETSTORM	id:	158797
db:	CNNVD	id:	CNNVD-202004-2420
db:	JVNDB	id:	JVNDB-2020-005056
db:	NVD	id:	CVE-2020-11023

LAST UPDATE DATE

2025-11-28T22:14:47.452000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163560	date:	2023-02-03T00:00:00
db:	VULMON	id:	CVE-2020-11023	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202004-2420	date:	2023-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-005056	date:	2025-07-24T05:27:00
db:	NVD	id:	CVE-2020-11023	date:	2025-11-07T19:32:52.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163560	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-11023	date:	2020-04-29T00:00:00
db:	PACKETSTORM	id:	168835	date:	2020-05-28T19:12:00
db:	PACKETSTORM	id:	171212	date:	2023-03-02T15:19:19
db:	PACKETSTORM	id:	170823	date:	2023-01-31T17:26:38
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	160548	date:	2020-12-16T18:08:59
db:	PACKETSTORM	id:	158282	date:	2020-07-02T15:43:25
db:	PACKETSTORM	id:	158797	date:	2020-08-07T18:27:30
db:	CNNVD	id:	CNNVD-202004-2420	date:	2020-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-005056	date:	2020-06-05T00:00:00
db:	NVD	id:	CVE-2020-11023	date:	2020-04-29T21:15:11.743