CVE-2020-11023

This exploit demonstrates a cross-site scripting (XSS) vulnerability in jQuery versions >= 1.0.3 and < 3.5.0. It includes two proof-of-concept payloads that trigger XSS via malformed HTML attributes.

This repository provides a basic demonstration of a DOM-based XSS vulnerability (CVE-2020-11023) using jQuery methods like .text(). It includes a simple payload for testing but lacks executable exploit code.

This repository contains a static analysis scanner for detecting CVE-2020-11023, a jQuery XSS vulnerability affecting versions before 3.5.0. It identifies vulnerable jQuery versions and unsafe DOM manipulation patterns.

This repository contains a writeup describing a potential XSS vulnerability (CVE-2020-11023) in jQuery versions prior to 3.5.0, where untrusted HTML containing `<option>` elements could execute arbitrary code when passed to jQuery's DOM manipulation methods. The advisory recommends updating to jQuery 3.5.0 or using DOMPurify with the `SAFE_FOR_JQUERY` option as a workaround.

This repository contains a functional proof-of-concept for CVE-2020-11023, a mutation XSS (mXSS) vulnerability in jQuery versions before 3.5.0. The exploit leverages improper HTML sanitization in jQuery's DOM manipulation methods to inject and execute malicious scripts.

This repository demonstrates CVE-2020-11023, a jQuery XSS vulnerability where user input is unsafely rendered using `.html()`. The PoC includes payloads and mitigation techniques.

This repository demonstrates CVE-2020-11023, a jQuery XSS vulnerability affecting versions prior to 3.5.0. It includes a proof-of-concept showing how malicious HTML attributes can bypass jQuery's sanitization when using the .html() function.