CISA Warns of Old jQuery Vulnerability Linked to Chinese APT
securityweek
CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
The US cybersecurity agency CISA on Thursday added an old jQuery flaw tracked as CVE-2020-11023 to its Known Exploited Vulnerabilities (KEV) catalog.
CVE-2020-11023 was disclosed in April 2020. The vulnerability has been described as a medium-severity XSS issue that can be exploited for arbitrary code execution.
jQuery, a library designed to make it easier to use JavaScript, is widely used. After the vulnerability was disclosed, several major organizations published advisories to inform customers about its impact on their products, including Linux distributions, F5, IBM, and Atlassian.
It’s unclear why CISA has added CVE-2020-11023 to its KEV catalog now. There do not appear to be any recent reports describing exploitation of the vulnerability, and the agency typically does not share information on the attacks involving exploitation of flaws added to the KEV ...
Copyright of this story solely belongs to securityweek.