News [20200604] - Core - XSS in jQuery.htmlPrefilter

  • Hi Guest, Welcome to SN 2.0, A new start, towards making this forum great once again. A lot has happenned in the last 6 months along with a world Pandemic. As you can realize that this is a new site and i have tried to recover as much as possible from the old version but pls expect some areas which might be lost forover or replaced with better things. 1. Payment Options 2. Resources(Rebuild) 3. Fixing all Prefixes 4. Permissions & Forum Moderation are some areas which are being worked upon. I will continue to update all of you via this notification as i work in the background to get you the best experience. Lastly we will also clarify about the issues we have had. Pls have Patience as we fix all credits wallets on priority. Best Regards, SN Team. Stay Safe.
Not open for further replies.

SN Bot

Staff member
Jul 1, 2015
[20200604] - Core - XSS in jQuery.htmlPrefilter

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Moderate
  • Versions: 3.0.0-3.9.18
  • Exploit type: XSS
  • Reported Date: 2020-April-10
  • Fixed Date: 2020-June-02
  • CVE Number: CVE-2020-11022 and CVE-2020-11023

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."

The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.18


Upgrade to version 3.9.19


The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST

Continue reading...
Not open for further replies.