Javascript Library jQuery Security Update (MINDBREEZE15136)

ID: MINDBREEZE15136 
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 6.1 Medium 
Status: Final 
First published: February 2, 2021 
CVEs: CVE-2020-11023 

Summary

In jQuery, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Remediation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 20.5 Release (Version 20.5.1.835)
• Mindbreeze InSpire SaaS 20.5 Release (Version 20.5.1.835)