{"id":"OESA-2023-1446","summary":"doxygen security update","details":"Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D.\n\nSecurity Fix(es):\n\nCross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.(CVE-2020-23064)","modified":"2025-09-03T06:17:02.638391Z","published":"2023-07-29T11:05:34Z","upstream":["CVE-2020-23064"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1446"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23064"}],"affected":[{"package":{"name":"doxygen","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/doxygen&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.17-8.oe1"}]}],"ecosystem_specific":{"src":["doxygen-1.8.17-8.oe1.src.rpm"],"aarch64":["doxygen-debugsource-1.8.17-8.oe1.aarch64.rpm","doxygen-doxywizard-1.8.17-8.oe1.aarch64.rpm","doxygen-debuginfo-1.8.17-8.oe1.aarch64.rpm","doxygen-1.8.17-8.oe1.aarch64.rpm"],"x86_64":["doxygen-doxywizard-1.8.17-8.oe1.x86_64.rpm","doxygen-debugsource-1.8.17-8.oe1.x86_64.rpm","doxygen-1.8.17-8.oe1.x86_64.rpm","doxygen-debuginfo-1.8.17-8.oe1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1446.json"}}],"schema_version":"1.7.3"}