08-12-2020 12:36 PM - edited 07-05-2021 12:23 PM
JQUERY <3.5
Our security team has informed us that the 3504 running 8.10.130 is showing as vulnerable for the issue identified in CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
08-12-2020 07:38 PM
From what I can read, CVE-2020-11022/CVE-2020-11023 only affects Cisco Unified Presence, UCSM and APIC.
I don't see anything mentioning about AireOS.
08-20-2020 04:13 AM
09-02-2020 10:47 PM
we have the same issue on VWLC and CT2500 both with 8.5(160.0) version.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide