
CVE-2020-11023 PoC: Potential XSS vulnerability in jQuery

Associated Vulnerability
Title: Potential XSS vulnerability in jQuery (CVE-2020-11023)
Description: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Readme
# 💥 CVE-2020-11023 Scanner: Find and Conquer XSS Before It's Too Late! 💥

[![Static Analysis](https://img.shields.io/badge/Static%20Analysis-✓-brightgreen.svg)](https://en.wikipedia.org/wiki/Static_program_analysis) [![No Dynamic Execution](https://img.shields.io/badge/No%20Dynamic%20Execution-✓-blue.svg)](https://en.wikipedia.org/wiki/Dynamic_program_analysis) [![CVE-2020-11023](https://img.shields.io/badge/CVE--2020--11023-Targeted-red.svg)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023)

Are you haunted by the specter of **Cross-Site Scripting (XSS) vulnerabilities** lurking in your JavaScript code? Worried about **CVE-2020-11023** leaving your web applications open to attack? Fear no more! The **CVE-2020-11023 Scanner** is here to help you find and conquer those pesky vulnerabilities!

This **fast** and **reliable** **static analysis** tool is designed to scan JavaScript files and web pages for the telltale signs of XSS vulnerabilities, especially those related to CVE-2020-11023. It focuses on **jQuery** versions before 3.5.0, which are known to be susceptible.

**Disclaimer:** Remember, this tool performs **static analysis only**. It doesn't execute any code, so it can't guarantee exploitability with the same certainty as dynamic analysis. **Always manually review the findings and perform further testing to confirm the actual risk!**

## ✨ Killer Features:

*   **🔎 Versatile Scanning:**
    *   **URLs:** Crawls web pages, analyzing both inline and external JavaScript files.
    *   **Local Files & Directories:** Recursively scans local directories for `.js` files.
*   **🕵️‍♂️ Vulnerable jQuery Detection:** Pinpoints jQuery versions known to be affected by CVE-2020-11023.
*   **🚨 Dangerous Pattern Identification:** Flags the use of potentially dangerous jQuery DOM manipulation methods like `.html()`, `.append()`, `.after()`, `.before()`, and `.replaceWith()` when used with potentially unsafe inputs.
*   **🔍 Unsafe Input Source Tracking:** Detects the use of potentially untrusted data sources like `window.location`, `document.cookie`, and more.
*   **🚀 Application Code Focus:** Skips common third-party libraries (jQuery, Bootstrap, etc.) by default to reduce noise and zero in on your code.
*   **🌐 Deep Scanning (Optional):** Recursively crawls linked JavaScript files on web pages for a more thorough analysis.
*   **📃 Clear and Concise Reporting:** Generates a report highlighting potential vulnerabilities with details about their location and severity.
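As an added illustration of the two checks the feature list describes (this is example code, not the project's `scan.py`), the following Python compares a jQuery banner version against the advisory's affected range and does a simple, flow-insensitive match from the listed unsafe sources into HTML-interpreting sinks. The JavaScript sample is constructed, and the `location.hash`/`location.search` sources and the `scan_source` report shape are assumptions.

```python
import re
# Affected range from the advisory: >= 1.0.3 and < 3.5.0.
AFFECTED_MIN, FIXED_IN = (1, 0, 3), (3, 5, 0)
# HTML-interpreting jQuery sinks; untrusted sources (README's list plus location sub-properties, assumed).
HTML_SINKS = ("html", "append", "prepend", "after", "before", "replaceWith")
UNSAFE_SOURCES = ("window.location", "location.hash", "location.search", "document.cookie")
VERSION_RE = re.compile(r"jQuery\s+(?:JavaScript Library\s+)?v(\d+)\.(\d+)\.(\d+)")
ASSIGN_RE = re.compile(r"([A-Za-z_$][\w$]*)\s*=\s*([^;=]+);")
SINK_RE = re.compile(r"\.(" + "|".join(HTML_SINKS) + r")\(\s*([A-Za-z_$][\w$]*)\s*\)")

def jquery_version(src):
    """(major, minor, patch) parsed from a jQuery banner comment, or None if absent."""
    m = VERSION_RE.search(src)
    return tuple(int(x) for x in m.groups()) if m else None

def version_is_affected(ver):
    return ver is not None and AFFECTED_MIN <= ver < FIXED_IN

def unsafe_sink_calls(src):
    """(line, method, variable, source) for each HTML sink fed a variable assigned from an unsafe source."""
    tainted, findings = {}, []  # variable name -> unsafe source it was assigned from (no sanitizer tracking)
    for lineno, line in enumerate(src.splitlines(), 1):
        for var, expr in ASSIGN_RE.findall(line):
            source = next((s for s in UNSAFE_SOURCES if s in expr), None)
            if source:
                tainted[var] = source
        for method, arg in SINK_RE.findall(line):
            if arg in tainted:
                findings.append((lineno, method, arg, tainted[arg]))
    return findings

def scan_source(src):
    report, ver = [], jquery_version(src)  # entries shaped like the README's example report
    if ver is not None:
        status = "POTENTIALLY VULNERABLE" if version_is_affected(ver) else "SAFE"
        report.append(("JQUERY_VERSION", "jQuery %d.%d.%d (%s)" % (ver + (status,))))
    for lineno, method, arg, source in unsafe_sink_calls(src):
        report.append(("METHOD_" + method.upper(),
                       "line %d: unsafe variable: %s, direct source: %s" % (lineno, arg, source)))
    return report

# Constructed sample: vulnerable banner, one tainted sink, a harmless text() call, a safe html() call.
SAMPLE_JS = """/*! jQuery v3.4.0 | jquery.org/license */
var data = window.location.hash;
var safe = "static";
$("#out").append(data);
$("#out").text(data);
$("#out").html(safe);
"""
```

Running `scan_source(SAMPLE_JS)` yields one JQUERY_VERSION entry and one METHOD_APPEND entry; the `.text()` call is not reported because it does not interpret its argument as HTML.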

## πŸ› οΈ Requirements

*   Python 3.x
*   `requests` library (`pip install requests`)
*   `beautifulsoup4` library (`pip install beautifulsoup4`)
*   `packaging` library (`pip install packaging`)

## ⚡ Quick Installation

1.  **Clone this repository:**

    ```bash
    git clone <your-repository-url>
    cd <your-repo-name>
    ```

2.  **Install the dependencies:**

    ```bash
    pip install -r requirements.txt
    ```

## 🚀 Usage

**Command-line arguments:**

*   `--url <URL>`: Specifies the target URL to scan.
*   `--file <path>`: Specifies a local file or directory path to scan.
*   `--deep`: Enables deep scanning for URLs (recursive crawling of linked JavaScript files).

**Examples:**

*   **Scan a website (with deep scanning):**

    ```bash
    python scan.py --url https://www.example.com --deep
    ```

*   **Scan a local JavaScript file:**

    ```bash
    python scan.py --file /path/to/your/file.js
    ```

*   **Scan a local directory recursively:**

    ```bash
    python scan.py --file /path/to/your/directory
    ```

**Example Report:**

```text
════════════════════════════════════════════════════════════════════════════════════════════
VULNERABILITY SCAN REPORT
CVE-2020-11023
════════════════════════════════════════════════════════════════════════════════════════════

■ [POTENTIAL VULNERABLE] JQUERY_VERSION
  Location: https://www.example.com/
  Line: N/A
  Code: Update to >=3.5.0
  Details: jQuery 3.4.0 (POTENTIALLY VULNERABLE)

■ [POTENTIAL VULNERABLE] METHOD_APPEND
  Location: https://support.google.com/photos/thread/202686606/apakah-foto-atau-video-yg-dihapus-secara-permanen-tidak-akan-bisa-kembali-lagi?hl=id
  Line: 25
  Code:     element.append(data);
  Details: Unsafe variable: data, Direct source: window.location

■ [INFO] JQUERY_VERSION
  Location: https://support.google.com/photos/thread/202686606/apakah-foto-atau-video-yg-dihapus-secara-permanen-tidak-akan-bisa-kembali-lagi?hl=id
  Line: N/A
  Code: Safe version
  Details: jQuery 3.6.0 (SAFE)

πŸ›‘οΈ Recommendations
Update jQuery: If a vulnerable jQuery version is detected, update to the latest version (>= 3.5.0) immediately.
Sanitize Input: Thoroughly sanitize any user-supplied or untrusted data before using it with potentially dangerous DOM manipulation methods. Consider using libraries like DOMPurify.
Use .text() Wisely: If you only need to insert text content, use the .text() method instead of .html() or other methods that could interpret input as HTML.
Manual Review: Always manually review the findings of this script to determine the actual risk and rule out false positives.
πŸ™Œ Contributing
Let's make the digital world safer together! Your contributions are highly welcome! Please feel free to submit pull requests or open issues to improve this script's performance and capabilities.

πŸ“„ License
This project is licensed under the MIT License.
File Snapshot

[4.0K] /data/pocs/76a5210d276bad67a8e53d0653c55ceadd8c86ab
├── [1.0K] LICENSE
├── [6.0K] README.md
├── [ 56] requirements.txt
└── [9.8K] scan.py

0 directories, 4 files