CISA incorporates JQuery Cross-Site Scripting (XSS) in the Known Exploited Vulnerability (KEV) catalog

Summary

Cyble's Security Update Advisory provides a synopsis of the latest vulnerability patches released by various vendors. This advisory discusses a JQuery Cross-Site Scripting vulnerability (XSS) in the Known Exploited Vulnerability (KEV) catalog.

Based on naming standards followed by Common Vulnerabilities and Exposures (CVE) and severity standards as defined by the Common Vulnerability Scoring System (CVSS), vulnerabilities are classified as high, medium, and low vulnerabilities.

Vulnerability Details

Cross-Site Scripting

CVE-2020-11023

CVSSv3.1

6.1

Severity

Medium

Vulnerable Component

jQuery versions >= 1.0.3, < 3.5.0

Description

In affected versions of jQuery, passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e., .html(), .append(), and others) may execute untrusted code.

Additional Information

Multiple Proof of Concepts (PoC) for the vulnerability are available in the public domain.

In February 2024, EclecticIQ disclosed that the command-and-control (C2) addresses linked to a malicious campaign targeting security vulnerabilities in Ivanti appliances were using a version of jQuery vulnerable to at least one of three flaws: CVE-2020-11023, CVE-2020-11022, or CVE-2019-11358.

Workaround

To work around this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

Recommendation

Implement the latest patch released by the official vendor: Regularly update all software and hardware systems with the latest patches from official vendors to mitigate vulnerabilities and protect against exploits. Establish a routine schedule for patch application and ensure critical patches are applied immediately.

Implement a robust patch management process: Develop a comprehensive patch management strategy that includes inventory management, patch assessment, testing, deployment, and verification. Automate the process where possible to ensure consistency and efficiency.

Incident response and recovery plan: Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.

Monitoring and logging malicious activities across the network: Implement comprehensive monitoring and logging solutions to detect and analyze suspicious activities. Use SIEM (Security Information and Event Management) systems to aggregate and correlate logs for real-time threat detection and response.

To mitigate risks associated with End-of-Life (EOL) products: Organizations should proactively identify and assess their criticality, then plan for timely upgrades or replacements.

Conclusion

jQuery is a widely used JavaScript library designed to simplify HTML document traversal, event handling, and animation, enabling developers to create dynamic and interactive web applications with ease. However, like any software, it is not immune to vulnerabilities. One such flaw, CVE-2020- 11023, highlights a cross-site scripting (XSS) vulnerability that can be exploited in specific scenarios. Its inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog underscores the active exploitation of this weakness by threat actors. This emphasizes the importance of monitoring and updating vulnerable libraries, as adversaries often target outdated components to gain unauthorized access or compromise systems.