Summary

Security Advisory ID : BSA-2020-972

Component : jQuery

Revision : 1.0

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Affected Products

• Brocade SANnav versions before SANnav 2.1.1
• Brocade Fabric OS versions after 9.0.0 and before 9.0.1a 

  Note: Brocade Fabric OS v8.X and v7.X are not impacted. 

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Credit

This issue was discovered through security testing.

Revision History