NVD脆弱性詳細

CVE-2020-11023

概要	In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
公表日	2020年4月30日6:15
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:56

CVSS3.1 : MEDIUM
スコア	6.1
ベクター	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更あり
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:jquery:jquery::::::::		1.0.3			3.5.0

構成2		以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:9.0:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:31:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:o:fedoraproject:fedora:33:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:drupal:drupal::::::::	7.0			7.70
cpe:2.3:a:drupal:drupal::::::::	8.7.0			8.7.14
cpe:2.3:a:drupal:drupal::::::::	8.8.0			8.8.6

構成5	以上	以下	より上	未満
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::	6.1	6.4
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:application_express::::::::				20.2
cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
cpe:2.3:a:oracle:rest_data_services:18c::::-:::
cpe:2.3:a:oracle:rest_data_services:19c::::-:::
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::	16.2	16.2.11
cpe:2.3:a:oracle:primavera_gateway::::::::	17.12.0	17.12.7
cpe:2.3:a:oracle:siebel_mobile::::::::		20.12
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::				9.2.5.0
cpe:2.3:a:oracle:banking_enterprise_collections::::::::	2.7.0	2.8.0
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::				9.2.5.0
cpe:2.3:a:oracle:banking_platform::::::::	2.4.0	2.10.0
cpe:2.3:a:oracle:primavera_gateway::::::::	19.12.0	19.12.4
cpe:2.3:a:oracle:primavera_gateway::::::::	18.8.0	18.8.9
cpe:2.3:a:oracle:communications_operations_monitor::::::::	4.1	4.3
cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
cpe:2.3:a:oracle:oss_support_tools::::::::				2.12.41
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:::::::*
cpe:2.3:a:oracle:health_sciences_inform:6.3.0:::::::*
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
cpe:2.3:a:oracle:communications_eagle_application_processor::::::::	16.1.0	16.4.0
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*

構成6		以上	以下	より上	未満
cpe:2.3:o:netapp:h300s_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h300s:-:::::::*

構成7		以上	以下	より上	未満
cpe:2.3:o:netapp:h500s_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h500s:-:::::::*

構成8		以上	以下	より上	未満
cpe:2.3:o:netapp:h700s_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h700s:-:::::::*

構成9		以上	以下	より上	未満
cpe:2.3:o:netapp:h300e_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h300e:-:::::::*

構成10		以上	以下	より上	未満
cpe:2.3:o:netapp:h500e_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h500e:-:::::::*

構成11		以上	以下	より上	未満
cpe:2.3:o:netapp:h700e_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h700e:-:::::::*

構成12		以上	以下	より上	未満
cpe:2.3:o:netapp:h410s_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h410s:-:::::::*

構成13		以上	以下	より上	未満
cpe:2.3:o:netapp:h410c_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:h410c:-:::::::*

構成14	以上	以下	より上	未満
cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
cpe:2.3:a:netapp:snapcenter_server:-:::::::*
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_system_manager::::::::	3.0	3.1.3
cpe:2.3:a:netapp:max_data:-:::::::*

構成15		以上	以下	より上	未満
cpe:2.3:a:tenable:log_correlation_engine::::::::					6.0.9

関連情報、対策とツール

No	URL	タグ
1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
2	https://security.gentoo.org/glsa/202007-03	Third Party Advisory
3	https://security.netapp.com/advisory/ntap-20200511-0006/	Third Party Advisory
4	https://www.debian.org/security/2020/dsa-4693	Third Party Advisory
5	https://www.drupal.org/sa-core-2020-002	Third Party Advisory
6	https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
7	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
8	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
9	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
10	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
11	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
12	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
13	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
14	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
15	https://www.tenable.com/security/tns-2021-02	Third Party Advisory
16	https://www.tenable.com/security/tns-2021-10	Third Party Advisory
17	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Broken Link
18	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Broken Link
19	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Broken Link Mailing List Third Party Advisory
20	http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
21	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released	Release Notes Vendor Advisory
22	https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6	Third Party Advisory
23	https://jquery.com/upgrade-guide/3.5/	Release Notes Vendor Advisory
24	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
25	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
26	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
27	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
28	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
29	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
30	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
31	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
32	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
33	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
34	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
35	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
36	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
37	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
38	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
39	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
40	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
41	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
42	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
43	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
44	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
45	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
46	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
47	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
48	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
49	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
50	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
51	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
52	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
53	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
54	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
55	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
56	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
57	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
58	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
59	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
60	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
61	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Mailing List Third Party Advisory
62	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
63	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
64	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
65	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
66	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/
67	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/
68	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/
69	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/
70	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
71	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Mailing List Third Party Advisory
72	https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E
73	https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E
74	https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E
75	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E
76	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E
77	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E
78	https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
79	https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E
80	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E
81	https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E
82	https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E
83	https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E
84	https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E
85	https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E
86	https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E
87	https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E
88	https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E
89	https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E
90	https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E
91	https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E
92	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E
93	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E
94	https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E
95	https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E
96	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E
97	https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E
98	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E
99	https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E
100	https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E
101	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E
102	https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E
103	https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E
104	https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E
105	https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E
106	https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E
107	https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E
108	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E
109	https://jquery.com/upgrade-guide/3.5/	Release Notes Vendor Advisory
110	https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6	Third Party Advisory
111	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released	Release Notes Vendor Advisory
112	http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
113	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Broken Link Mailing List Third Party Advisory
114	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Broken Link
115	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Broken Link
116	https://www.tenable.com/security/tns-2021-10	Third Party Advisory
117	https://www.tenable.com/security/tns-2021-02	Third Party Advisory
118	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
119	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
120	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
121	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
122	https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
123	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
124	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
125	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
126	https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
127	https://www.drupal.org/sa-core-2020-002	Third Party Advisory
128	https://www.debian.org/security/2020/dsa-4693	Third Party Advisory
129	https://security.netapp.com/advisory/ntap-20200511-0006/	Third Party Advisory
130	https://security.gentoo.org/glsa/202007-03	Third Party Advisory

共通脆弱性一覧

JVN脆弱性情報

jQuery におけるクロスサイトスクリプティングの脆弱性

タイトル	jQuery におけるクロスサイトスクリプティングの脆弱性
概要	jQuery には、クロスサイトスクリプティングの脆弱性が存在します。
想定される影響	情報を取得される、および情報を改ざんされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2020年4月10日0:00
登録日	2020年6月5日14:47
最終更新日	2025年7月24日14:27

影響を受けるシステム

日立

Hitachi Ops Center Common Services (海外販売のみ)

jQuery

jQuery 1.0.3 以上 3.5.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-11023	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
National Vulnerability Database (NVD)
2	CVE-2020-11023	https://nvd.nist.gov/vuln/detail/CVE-2020-11023

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	名前	URL
Hitachi Software Vulnerability Information
1	hitachi-sec-2020-130	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-130/index.html
jQuery
2	jQuery 3.5.0 Released!	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
3	jQuery Core 3.5 Upgrade Guide	https://jquery.com/upgrade-guide/3.5/
ソフトウェア製品セキュリティ情報
4	hitachi-sec-2020-130	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-130/index.html

その他

No	名前	URL
ICS-CERT ADVISORY
1	ICSA-21-306-01	https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01
2	ICSA-22-055-02	https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02
3	ICSA-22-097-01	https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01
4	ICSA-25-203-05	https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-05
JVN
5	JVNVU#94847990	http://jvn.jp/vu/JVNVU94847990/index.html
6	JVNVU#94912830	https://jvn.jp/vu/JVNVU94912830/
7	JVNVU#99394498	https://jvn.jp/vu/JVNVU99394498/
8	JVNVU#99891704	https://jvn.jp/vu/JVNVU99891704/index.html
関連文書
9	VDE-2021-027 (Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service)	https://cert.vde.com/en/advisories/VDE-2021-027/

変更履歴

No	変更内容	変更日
7	[2022年04月11日] 参考情報：JVN (JVNVU#94847990) を追加参考情報：ICS-CERT ADVISORY (ICSA-22-097-01) を追加参考情報：関連文書 (VDE-2021-027) を追加	2022年4月11日13:55
5	[2022年02月16日] 参考情報：JVN (JVNVU#94912830) を追加	2022年2月16日11:45
6	[2022年03月01日] 参考情報：ICS-CERT ADVISORY (ICSA-22-055-02) を追加	2022年3月1日10:57
4	[2021年11月05日] 参考情報：ICS-CERT ADVISORY (ICSA-21-306-01) を追加　参考情報：JVN (JVNVU#99394498) を追加	2021年11月5日13:45
1	[2020年06月05日] 掲載	2020年6月5日14:47
3	[2020年10月28日] 影響を受けるシステム：内容を更新ベンダ情報：Hitachi Software Vulnerability Information (hitachi-sec-2020-130) を追加ベンダ情報：ソフトウェア製品セキュリティ情報 (hitachi-sec-2020-130) を追加	2020年10月28日11:05
8	[2025年07月24日] 参考情報：JVN (JVNVU#99891704) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-203-05) を追加	2025年7月24日14:02

構成5	以上	以下	より上	未満
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::	6.1	6.4
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:application_express::::::::				20.2
cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
cpe:2.3:a:oracle:rest_data_services:18c::::-:::
cpe:2.3:a:oracle:rest_data_services:19c::::-:::
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
cpe:2.3:a:oracle:primavera_gateway::::::::	16.2	16.2.11
cpe:2.3:a:oracle:primavera_gateway::::::::	17.12.0	17.12.7
cpe:2.3:a:oracle:siebel_mobile::::::::		20.12
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_resources:9.2:::::::*
cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::				9.2.5.0
cpe:2.3:a:oracle:banking_enterprise_collections::::::::	2.7.0	2.8.0
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::				9.2.5.0
cpe:2.3:a:oracle:banking_platform::::::::	2.4.0	2.10.0
cpe:2.3:a:oracle:primavera_gateway::::::::	19.12.0	19.12.4
cpe:2.3:a:oracle:primavera_gateway::::::::	18.8.0	18.8.9
cpe:2.3:a:oracle:communications_operations_monitor::::::::	4.1	4.3
cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*
cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*
cpe:2.3:a:oracle:oss_support_tools::::::::				2.12.41
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:::::::*
cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:::::::*
cpe:2.3:a:oracle:health_sciences_inform:6.3.0:::::::*
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0::::enterprise:::
cpe:2.3:a:oracle:communications_eagle_application_processor::::::::	16.1.0	16.4.0
cpe:2.3:a:oracle:storagetek_acsls:8.5.1:::::::*