CVE-2019-11358 - 漏洞详情

CVE-2019-11358 (CNNVD-201904-948)

MEDIUM 有利用代码

中文标题:

jQuery 跨站脚本漏洞

英文标题:

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t...

CVSS分数: 6.1

发布时间: 2019-04-19 00:00:00

漏洞类型: 跨站脚本

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v4

漏洞描述

中文描述:

jQuery是美国John Resig个人开发者的一套开源、跨浏览器的JavaScript库。该库简化了HTML与JavaScript之间的操作，并具有模块化、插件扩展等特点。 jQuery 3.4.0之前版本中存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

英文描述:

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CWE类型:

CWE-1321

受影响产品

厂商	产品	版本	版本范围	平台	CPE
jquery	jquery	*	-	-	`cpe:2.3:a:jquery:jquery::::::::`
debian	debian_linux	8.0	-	-	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
debian	debian_linux	9.0	-	-	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`
debian	debian_linux	10.0	-	-	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
drupal	drupal	*	-	-	`cpe:2.3:a:drupal:drupal::::::::`
backdropcms	backdrop	*	-	-	`cpe:2.3:a:backdropcms:backdrop::::::::`
fedoraproject	fedora	28	-	-	`cpe:2.3:o:fedoraproject:fedora:28:::::::*`
fedoraproject	fedora	29	-	-	`cpe:2.3:o:fedoraproject:fedora:29:::::::*`
fedoraproject	fedora	30	-	-	`cpe:2.3:o:fedoraproject:fedora:30:::::::*`
opensuse	backports_sle	15.0	-	-	`cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::`
opensuse	leap	15.1	-	-	`cpe:2.3:o:opensuse:leap:15.1:::::::*`
netapp	oncommand_system_manager	*	-	-	`cpe:2.3:a:netapp:oncommand_system_manager::::::::`
netapp	snapcenter	-	-	-	`cpe:2.3:a:netapp:snapcenter:-:::::::*`
redhat	cloudforms	4.7	-	-	`cpe:2.3:a:redhat:cloudforms:4.7:::::::*`
redhat	virtualization_manager	4.3	-	-	`cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*`
oracle	agile_product_lifecycle_management_for_process	6.1	-	-	`cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:::::::*`
oracle	agile_product_lifecycle_management_for_process	6.2.0.0	-	-	`cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:::::::*`
oracle	agile_product_lifecycle_management_for_process	6.2.1.0	-	-	`cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:::::::*`
oracle	agile_product_lifecycle_management_for_process	6.2.2.0	-	-	`cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:::::::*`
oracle	agile_product_lifecycle_management_for_process	6.2.3.0	-	-	`cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:::::::*`
oracle	application_express	*	-	-	`cpe:2.3:a:oracle:application_express::::::::`
oracle	application_service_level_management	13.2.0.0	-	-	`cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:::::::*`
oracle	application_service_level_management	13.3.0.0	-	-	`cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:::::::*`
oracle	application_testing_suite	12.5.0.3	-	-	`cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:::::::*`
oracle	application_testing_suite	13.1.0.1	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:::::::*`
oracle	application_testing_suite	13.2	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.2:::::::*`
oracle	application_testing_suite	13.2.0.1	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*`
oracle	application_testing_suite	13.3	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.3:::::::*`
oracle	application_testing_suite	13.3.0.1	-	-	`cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*`
oracle	banking_digital_experience	18.1	-	-	`cpe:2.3:a:oracle:banking_digital_experience:18.1:::::::*`
oracle	banking_digital_experience	18.2	-	-	`cpe:2.3:a:oracle:banking_digital_experience:18.2:::::::*`
oracle	banking_digital_experience	18.3	-	-	`cpe:2.3:a:oracle:banking_digital_experience:18.3:::::::*`
oracle	banking_digital_experience	19.1	-	-	`cpe:2.3:a:oracle:banking_digital_experience:19.1:::::::*`
oracle	banking_digital_experience	19.2	-	-	`cpe:2.3:a:oracle:banking_digital_experience:19.2:::::::*`
oracle	banking_digital_experience	20.1	-	-	`cpe:2.3:a:oracle:banking_digital_experience:20.1:::::::*`
oracle	banking_enterprise_collections	*	-	-	`cpe:2.3:a:oracle:banking_enterprise_collections::::::::`
oracle	banking_platform	*	-	-	`cpe:2.3:a:oracle:banking_platform::::::::`
oracle	bi_publisher	5.5.0.0.0	-	-	`cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:::::::*`
oracle	bi_publisher	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:::::::*`
oracle	bi_publisher	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:::::::*`
oracle	big_data_discovery	1.6	-	-	`cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*`
oracle	business_process_management_suite	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*`
oracle	business_process_management_suite	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:::::::*`
oracle	communications_analytics	12.1.1	-	-	`cpe:2.3:a:oracle:communications_analytics:12.1.1:::::::*`
oracle	communications_application_session_controller	3.8m0	-	-	`cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:::::::*`
oracle	communications_billing_and_revenue_management	7.5	-	-	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:::::::*`
oracle	communications_billing_and_revenue_management	7.5.0.23.0	-	-	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*`
oracle	communications_billing_and_revenue_management	12.0	-	-	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:::::::*`
oracle	communications_billing_and_revenue_management	12.0.0.3.0	-	-	`cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*`
oracle	communications_diameter_signaling_router	8.0.0	-	-	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*`
oracle	communications_diameter_signaling_router	8.1	-	-	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*`
oracle	communications_diameter_signaling_router	8.2	-	-	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*`
oracle	communications_diameter_signaling_router	8.2.1	-	-	`cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*`
oracle	communications_eagle_application_processor	*	-	-	`cpe:2.3:a:oracle:communications_eagle_application_processor::::::::`
oracle	communications_element_manager	8.1.1	-	-	`cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*`
oracle	communications_element_manager	8.2.0	-	-	`cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*`
oracle	communications_element_manager	8.2.1	-	-	`cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*`
oracle	communications_interactive_session_recorder	*	-	-	`cpe:2.3:a:oracle:communications_interactive_session_recorder::::::::`
oracle	communications_operations_monitor	*	-	-	`cpe:2.3:a:oracle:communications_operations_monitor::::::::`
oracle	communications_operations_monitor	3.4	-	-	`cpe:2.3:a:oracle:communications_operations_monitor:3.4:::::::*`
oracle	communications_operations_monitor	4.0	-	-	`cpe:2.3:a:oracle:communications_operations_monitor:4.0:::::::*`
oracle	communications_operations_monitor	4.1.0	-	-	`cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:::::::*`
oracle	communications_services_gatekeeper	7.0	-	-	`cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*`
oracle	communications_session_report_manager	8.1.1	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*`
oracle	communications_session_report_manager	8.2.0	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*`
oracle	communications_session_report_manager	8.2.1	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*`
oracle	communications_session_route_manager	8.1.1	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*`
oracle	communications_session_route_manager	8.2.0	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*`
oracle	communications_session_route_manager	8.2.1	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*`
oracle	communications_unified_inventory_management	7.3	-	-	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:::::::*`
oracle	communications_unified_inventory_management	7.4.0	-	-	`cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*`
oracle	communications_webrtc_session_controller	7.2	-	-	`cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:::::::*`
oracle	diagnostic_assistant	2.12.36	-	-	`cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:::::::*`
oracle	enterprise_manager_ops_center	12.3.3	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*`
oracle	enterprise_manager_ops_center	12.4.0	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*`
oracle	enterprise_manager_ops_center	12.4.0.0	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*`
oracle	enterprise_session_border_controller	8.4	-	-	`cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:::::::*`
oracle	financial_services_analytical_applications_infrastructure	*	-	-	`cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::`
oracle	financial_services_analytical_applications_reconciliation_framework	*	-	-	`cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework::::::::`
oracle	financial_services_analytical_applications_reconciliation_framework	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:::::::*`
oracle	financial_services_asset_liability_management	*	-	-	`cpe:2.3:a:oracle:financial_services_asset_liability_management::::::::`
oracle	financial_services_asset_liability_management	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:::::::*`
oracle	financial_services_balance_sheet_planning	8.0.8	-	-	`cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:::::::*`
oracle	financial_services_basel_regulatory_capital_basic	*	-	-	`cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic::::::::`
oracle	financial_services_basel_regulatory_capital_basic	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:::::::*`
oracle	financial_services_basel_regulatory_capital_internal_ratings_based_approach	*	-	-	`cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach::::::::`
oracle	financial_services_basel_regulatory_capital_internal_ratings_based_approach	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:::::::*`
oracle	financial_services_data_foundation	*	-	-	`cpe:2.3:a:oracle:financial_services_data_foundation::::::::`
oracle	financial_services_data_governance_for_us_regulatory_reporting	*	-	-	`cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting::::::::`
oracle	financial_services_data_integration_hub	*	-	-	`cpe:2.3:a:oracle:financial_services_data_integration_hub::::::::`
oracle	financial_services_data_integration_hub	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:::::::*`
oracle	financial_services_enterprise_financial_performance_analytics	8.0.6	-	-	`cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:::::::*`
oracle	financial_services_enterprise_financial_performance_analytics	8.0.7	-	-	`cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:::::::*`
oracle	financial_services_funds_transfer_pricing	*	-	-	`cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::`
oracle	financial_services_funds_transfer_pricing	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:::::::*`
oracle	financial_services_hedge_management_and_ifrs_valuations	*	-	-	`cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations::::::::`
oracle	financial_services_hedge_management_and_ifrs_valuations	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:::::::*`
oracle	financial_services_institutional_performance_analytics	*	-	-	`cpe:2.3:a:oracle:financial_services_institutional_performance_analytics::::::::`
oracle	financial_services_institutional_performance_analytics	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:::::::*`
oracle	financial_services_liquidity_risk_management	8.0.0.1.0	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:::::::*`
oracle	financial_services_liquidity_risk_management	8.0.2	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:::::::*`
oracle	financial_services_liquidity_risk_management	8.0.4.0.0	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:::::::*`
oracle	financial_services_liquidity_risk_management	8.0.5.0.0	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:::::::*`
oracle	financial_services_liquidity_risk_management	8.0.6	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:::::::*`
oracle	financial_services_liquidity_risk_measurement_and_management	8.0.7	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:::::::*`
oracle	financial_services_liquidity_risk_measurement_and_management	8.0.8	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:::::::*`
oracle	financial_services_liquidity_risk_measurement_and_management	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:::::::*`
oracle	financial_services_loan_loss_forecasting_and_provisioning	*	-	-	`cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning::::::::`
oracle	financial_services_loan_loss_forecasting_and_provisioning	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:::::::*`
oracle	financial_services_market_risk_measurement_and_management	8.0.5	-	-	`cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:::::::*`
oracle	financial_services_market_risk_measurement_and_management	8.0.6	-	-	`cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:::::::*`
oracle	financial_services_market_risk_measurement_and_management	8.0.8	-	-	`cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:::::::*`
oracle	financial_services_price_creation_and_discovery	*	-	-	`cpe:2.3:a:oracle:financial_services_price_creation_and_discovery::::::::`
oracle	financial_services_profitability_management	*	-	-	`cpe:2.3:a:oracle:financial_services_profitability_management::::::::`
oracle	financial_services_profitability_management	8.1.0	-	-	`cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:::::::*`
oracle	financial_services_regulatory_reporting_for_de_nederlandsche_bank	8.0.4	-	-	`cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:::::::*`
oracle	financial_services_regulatory_reporting_for_european_banking_authority	8.0.6	-	-	`cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:::::::*`
oracle	financial_services_regulatory_reporting_for_european_banking_authority	8.0.7	-	-	`cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:::::::*`
oracle	financial_services_regulatory_reporting_for_us_federal_reserve	*	-	-	`cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve::::::::`
oracle	financial_services_retail_customer_analytics	*	-	-	`cpe:2.3:a:oracle:financial_services_retail_customer_analytics::::::::`
oracle	financial_services_retail_performance_analytics	8.0.6	-	-	`cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:::::::*`
oracle	financial_services_retail_performance_analytics	8.0.7	-	-	`cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:::::::*`
oracle	financial_services_revenue_management_and_billing	2.4.0.0	-	-	`cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:::::::*`
oracle	financial_services_revenue_management_and_billing	2.4.0.1	-	-	`cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:::::::*`
oracle	fusion_middleware_mapviewer	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:::::::*`
oracle	healthcare_foundation	7.1.1	-	-	`cpe:2.3:a:oracle:healthcare_foundation:7.1.1:::::::*`
oracle	healthcare_foundation	7.2.0	-	-	`cpe:2.3:a:oracle:healthcare_foundation:7.2.0:::::::*`
oracle	healthcare_foundation	7.2.2	-	-	`cpe:2.3:a:oracle:healthcare_foundation:7.2.2:::::::*`
oracle	healthcare_foundation	7.3.0	-	-	`cpe:2.3:a:oracle:healthcare_foundation:7.3.0:::::::*`
oracle	healthcare_translational_research	3.1.0	-	-	`cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:::::::*`
oracle	healthcare_translational_research	3.2.1	-	-	`cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:::::::*`
oracle	healthcare_translational_research	3.3.1	-	-	`cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:::::::*`
oracle	healthcare_translational_research	3.3.2	-	-	`cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:::::::*`
oracle	healthcare_translational_research	3.4.0	-	-	`cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:::::::*`
oracle	hospitality_guest_access	4.2.0	-	-	`cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*`
oracle	hospitality_guest_access	4.2.1	-	-	`cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*`
oracle	hospitality_materials_control	18.1	-	-	`cpe:2.3:a:oracle:hospitality_materials_control:18.1:::::::*`
oracle	hospitality_simphony	*	-	-	`cpe:2.3:a:oracle:hospitality_simphony::::::::`
oracle	hospitality_simphony	18.1	-	-	`cpe:2.3:a:oracle:hospitality_simphony:18.1:::::::*`
oracle	hospitality_simphony	18.2	-	-	`cpe:2.3:a:oracle:hospitality_simphony:18.2:::::::*`
oracle	identity_manager	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:::::::*`
oracle	insurance_accounting_analyzer	8.0.9	-	-	`cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:::::::*`
oracle	insurance_allocation_manager_for_enterprise_profitability	8.0.8	-	-	`cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:::::::*`
oracle	insurance_allocation_manager_for_enterprise_profitability	8.1.0	-	-	`cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:::::::*`
oracle	insurance_data_foundation	*	-	-	`cpe:2.3:a:oracle:insurance_data_foundation::::::::`
oracle	insurance_ifrs_17_analyzer	8.0.6	-	-	`cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:::::::*`
oracle	insurance_ifrs_17_analyzer	8.0.7	-	-	`cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:::::::*`
oracle	insurance_insbridge_rating_and_underwriting	*	-	-	`cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting::::::::`
oracle	insurance_insbridge_rating_and_underwriting	5.6.1.0	-	-	`cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:::::::*`
oracle	insurance_performance_insight	8.0.7	-	-	`cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:::::::*`
oracle	jd_edwards_enterpriseone_tools	9.2	-	-	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*`
oracle	jdeveloper	11.1.1.9.0	-	-	`cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:::::::*`
oracle	jdeveloper	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:::::::*`
oracle	jdeveloper	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:::::::*`
oracle	jdeveloper_and_adf	11.1.1.9.0	-	-	`cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:::::::*`
oracle	jdeveloper_and_adf	12.1.3.0.0	-	-	`cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:::::::*`
oracle	jdeveloper_and_adf	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:::::::*`
oracle	knowledge	*	-	-	`cpe:2.3:a:oracle:knowledge::::::::`
oracle	peoplesoft_enterprise_peopletools	8.55	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*`
oracle	peoplesoft_enterprise_peopletools	8.56	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*`
oracle	peoplesoft_enterprise_peopletools	8.57	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*`
oracle	peoplesoft_enterprise_peopletools	8.58	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*`
oracle	policy_automation	*	-	-	`cpe:2.3:a:oracle:policy_automation::::::::`
oracle	policy_automation	10.4.7	-	-	`cpe:2.3:a:oracle:policy_automation:10.4.7:::::::*`
oracle	policy_automation	12.1.0	-	-	`cpe:2.3:a:oracle:policy_automation:12.1.0:::::::*`
oracle	policy_automation	12.1.1	-	-	`cpe:2.3:a:oracle:policy_automation:12.1.1:::::::*`
oracle	policy_automation_connector_for_siebel	10.4.6	-	-	`cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*`
oracle	policy_automation_for_mobile_devices	*	-	-	`cpe:2.3:a:oracle:policy_automation_for_mobile_devices::::::::`
oracle	primavera_gateway	*	-	-	`cpe:2.3:a:oracle:primavera_gateway::::::::`
oracle	primavera_gateway	15.2.18	-	-	`cpe:2.3:a:oracle:primavera_gateway:15.2.18:::::::*`
oracle	primavera_unifier	*	-	-	`cpe:2.3:a:oracle:primavera_unifier::::::::`
oracle	primavera_unifier	16.1	-	-	`cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*`
oracle	primavera_unifier	16.2	-	-	`cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*`
oracle	primavera_unifier	18.8	-	-	`cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*`
oracle	real-time_scheduler	*	-	-	`cpe:2.3:a:oracle:real-time_scheduler::::::::`
oracle	rest_data_services	11.2.0.4	-	-	`cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::`
oracle	rest_data_services	12.1.0.2	-	-	`cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::`
oracle	rest_data_services	12.2.0.1	-	-	`cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::`
oracle	rest_data_services	18c	-	-	`cpe:2.3:a:oracle:rest_data_services:18c::::-:::`
oracle	rest_data_services	19c	-	-	`cpe:2.3:a:oracle:rest_data_services:19c::::-:::`
oracle	retail_back_office	14.0	-	-	`cpe:2.3:a:oracle:retail_back_office:14.0:::::::*`
oracle	retail_back_office	14.1	-	-	`cpe:2.3:a:oracle:retail_back_office:14.1:::::::*`
oracle	retail_central_office	14.0	-	-	`cpe:2.3:a:oracle:retail_central_office:14.0:::::::*`
oracle	retail_central_office	14.1	-	-	`cpe:2.3:a:oracle:retail_central_office:14.1:::::::*`
oracle	retail_customer_insights	15.0	-	-	`cpe:2.3:a:oracle:retail_customer_insights:15.0:::::::*`
oracle	retail_customer_insights	16.0	-	-	`cpe:2.3:a:oracle:retail_customer_insights:16.0:::::::*`
oracle	retail_customer_management_and_segmentation_foundation	18.0	-	-	`cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:::::::*`
oracle	retail_customer_management_and_segmentation_foundation	19.0	-	-	`cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*`
oracle	retail_point-of-service	14.0	-	-	`cpe:2.3:a:oracle:retail_point-of-service:14.0:::::::*`
oracle	retail_point-of-service	14.1	-	-	`cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*`
oracle	retail_returns_management	14.0	-	-	`cpe:2.3:a:oracle:retail_returns_management:14.0:::::::*`
oracle	retail_returns_management	14.1	-	-	`cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*`
oracle	service_bus	11.1.1.9.0	-	-	`cpe:2.3:a:oracle:service_bus:11.1.1.9.0:::::::*`
oracle	service_bus	12.1.3.0.0	-	-	`cpe:2.3:a:oracle:service_bus:12.1.3.0.0:::::::*`
oracle	service_bus	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:service_bus:12.2.1.3.0:::::::*`
oracle	siebel_mobile_applications	*	-	-	`cpe:2.3:a:oracle:siebel_mobile_applications::::::::`
oracle	siebel_ui_framework	20.8	-	-	`cpe:2.3:a:oracle:siebel_ui_framework:20.8:::::::*`
oracle	storagetek_tape_analytics_sw_tool	2.3.0	-	-	`cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:::::::*`
oracle	system_utilities	19.1	-	-	`cpe:2.3:a:oracle:system_utilities:19.1:::::::*`
oracle	tape_library_acsls	8.5	-	-	`cpe:2.3:a:oracle:tape_library_acsls:8.5:::::::*`
oracle	tape_library_acsls	8.5.1	-	-	`cpe:2.3:a:oracle:tape_library_acsls:8.5.1:::::::*`
oracle	transportation_management	1.4.3	-	-	`cpe:2.3:a:oracle:transportation_management:1.4.3:::::::*`
oracle	utilities_mobile_workforce_management	*	-	-	`cpe:2.3:a:oracle:utilities_mobile_workforce_management::::::::`
oracle	webcenter_sites	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*`
oracle	weblogic_server	10.3.6.0.0	-	-	`cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:::::::*`
oracle	weblogic_server	12.1.3.0.0	-	-	`cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*`
oracle	weblogic_server	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*`
oracle	weblogic_server	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*`
oracle	weblogic_server	14.1.1.0.0	-	-	`cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*`
joomla	joomla\!	*	-	-	`cpe:2.3:a:joomla:joomla\!::::::::`
juniper	junos	21.2	-	-	`cpe:2.3:o:juniper:junos:21.2:-::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

DSA-4434 vendor-advisory
cve.org

访问

20190421 [SECURITY] [DSA 4434-1] drupal7 security update mailing-list
cve.org

访问

108023 vdb-entry
cve.org

访问

[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 mailing-list
cve.org

访问

[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 mailing-list
cve.org

访问

[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 mailing-list
cve.org

访问

[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 mailing-list
cve.org

访问

[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358 mailing-list
cve.org

访问

[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update mailing-list
cve.org

访问

FEDORA-2019-eba8e44ee6 vendor-advisory
cve.org

访问

FEDORA-2019-1a3edd7e8a vendor-advisory
cve.org

访问

FEDORA-2019-7eaf0bbe7c vendor-advisory
cve.org

访问

FEDORA-2019-2a0ce0c58c vendor-advisory
cve.org

访问

FEDORA-2019-a06dffab1c vendor-advisory
cve.org

访问

FEDORA-2019-f563e66380 vendor-advisory
cve.org

访问

20190509 dotCMS v5.1.1 Vulnerabilities mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability mailing-list
cve.org

访问

20190510 dotCMS v5.1.1 Vulnerabilities mailing-list
cve.org

访问

20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability mailing-list
cve.org

访问

[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update mailing-list
cve.org

访问

[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358) mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

RHSA-2019:1456 vendor-advisory
cve.org

访问

DSA-4460 vendor-advisory
cve.org

访问

20190612 [SECURITY] [DSA 4460-1] mediawiki security update mailing-list
cve.org

访问

openSUSE-SU-2019:1839 vendor-advisory
cve.org

访问

RHBA-2019:1570 vendor-advisory
cve.org

访问

openSUSE-SU-2019:1872 vendor-advisory
cve.org

访问

[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js mailing-list
cve.org

访问

RHSA-2019:2587 vendor-advisory
cve.org

访问

无标题 OTHER
cve.org

访问

RHSA-2019:3023 vendor-advisory
cve.org

访问

RHSA-2019:3024 vendor-advisory
cve.org

访问

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities mailing-list
cve.org

访问

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities mailing-list
cve.org

访问

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities mailing-list
cve.org

访问

[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html mailing-list
cve.org

访问

[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x mailing-list
cve.org

访问

[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1 mailing-list
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update mailing-list
cve.org

访问

ExploitDB EDB-52141 EXPLOIT
exploitdb

访问

Download Exploit EDB-52141 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2020-7656 ADVISORY
cve.org

访问

CVE Reference: CVE-2019-11358 ADVISORY
cve.org

访问

CVSS评分详情

6.1

MEDIUM

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS版本: 3.1

机密性

LOW

完整性

LOW

可用性

NONE

时间信息

发布时间:

2019-04-19 00:00:00

修改时间:

2024-11-15 15:11:23

创建时间:

2025-11-11 15:35:28

更新时间:

2025-11-11 17:02:33

利用信息

此漏洞有可利用代码！

利用代码数量: 1

利用来源:

未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2019-11358`	2025-11-11 15:19:59	2025-11-11 07:35:28
NVD	`nvd_CVE-2019-11358`	2025-11-11 14:56:21	2025-11-11 07:44:01
CNNVD	`cnnvd_CNNVD-201904-948`	2025-11-11 15:10:11	2025-11-11 07:54:29
EXPLOITDB	`exploitdb_EDB-52141`	2025-11-11 15:05:29	2025-11-11 09:02:33

版本与语言

当前版本: v4

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v4 EXPLOITDB

2025-11-11 17:02:33

references_count: 73 → 77; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 73 -> 77
tags_count: 0 -> 3
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:54:29

vulnerability_type: 未提取 → 跨站脚本; cnnvd_id: 未提取 → CNNVD-201904-948; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 跨站脚本
cnnvd_id: 未提取 -> CNNVD-201904-948
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:44:01

cvss_score: 未提取 → 6.1; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 211; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 6.1
cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss_version: NOT_EXTRACTED -> 3.1
affected_products_count: 0 -> 211
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2019-11358 (CNNVD-201904-948)

中文标题:

jQuery 跨站脚本漏洞

英文标题:

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史