The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a security flaw that affects jQuery in its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that can be used to achieve arbitrary code execution.
“Transmitting HTML that contains
The problem was addressed in jQuery version 3.5.0, released in April 2020. A workaround for CVE-2020-11023 involves using DOMPurify with the SAFE_FOR_JQUERY flag set to sanitize the HTML string before passing it to jQuery methods.
As is usually the case, the CISA advisory is light on details about the specific nature of the exploitation and the identity of the threat actors weaponizing the flaw. There are also no public reports of attacks exploiting the flaw in question.
That said, Dutch security firm EclecticIQ disclosed in February 2024 that the command-and-control (C2) addresses associated with a malicious campaign exploiting security flaws in Ivanti appliances ran a version of jQuery vulnerable to at least one of three flaws: CVE-2020-11023, CVE-2020-11022, and CVE-2019-11358.
Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are advised to remediate the identified flaw by February 13, 2025, to secure their networks against active threats.
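A defender-side inventory check for the fix version named above, as an added example that is not from the original article: it reads jQuery version banners and versioned file names and flags any copy older than 3.5.0. The function names and the sample inventory are constructed for illustration.

```javascript
// Added example: flag jQuery copies older than 3.5.0, the release the
// article names as the fix for CVE-2020-11023.
const FIXED = [3, 5, 0];

// Banner styles found at the top of jQuery files, plus versioned file names.
const PATTERNS = [
  /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?/,
  /jquery[-.](\d+)\.(\d+)(?:\.(\d+))?(-(?:rc|beta|alpha)[0-9A-Za-z.]*)?(?:\.slim)?(?:\.min)?\.js/i,
];

// Returns { version: [major, minor, patch], pre: bool }, or null if no
// jQuery core version is recognisable (plugins such as jQuery UI are ignored).
function parseJqueryVersion(text) {
  for (const re of PATTERNS) {
    const m = re.exec(text);
    if (m) {
      return { version: [+m[1], +m[2], +(m[3] || 0)], pre: Boolean(m[4]) };
    }
  }
  return null;
}

// True when the version sorts before 3.5.0. A pre-release of 3.5.0 itself
// (e.g. 3.5.0-rc1) is conservatively treated as older than the final release.
function isBeforeFix(parsed) {
  for (let i = 0; i < 3; i++) {
    if (parsed.version[i] !== FIXED[i]) return parsed.version[i] < FIXED[i];
  }
  return parsed.pre;
}

// Classify one asset: "vulnerable", "patched", or "unknown" (no version seen).
function classify(nameOrBanner) {
  const parsed = parseJqueryVersion(nameOrBanner);
  if (!parsed) return "unknown";
  return isBeforeFix(parsed) ? "vulnerable" : "patched";
}

// Constructed sample inventory: file names and first lines of script files.
const SAMPLE = [
  "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */",
  " * jQuery JavaScript Library v3.5.0",
  "/static/js/jquery-1.12.4.min.js",
  "/static/js/jquery-3.7.1.slim.min.js",
  "/static/js/app.bundle.js",
];

const report = (items) => items.map((item) => ({ item, status: classify(item) }));
console.log(report(SAMPLE));
```

A banner or file name only identifies the release a file claims to be; copies bundled inside other scripts or renamed without a version show up as "unknown" and need manual review.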