CVE-2020-7656

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions jquery versions prior to 1.9.0

Description The issue allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove <script> HTML tags that contain a whitespace character, i.e: </script >, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.

Recommendations Upgrade to version 1.9.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2021:4142

ALSA-2025_16880

BDU:2023-07536

CESA-2021_4142

CVE-2020-7656

GHSA-Q4M3-2J7H-F7XW

RHSA-2020:4211

RHSA-2021:4142

RHSA-2021_4142

RLSA-2021:4142

SNYK-JS-JQUERY-569619

Affected Products

Almalinux

Centos

Junos

Red Hat

Rocky Linux

Jquery

CVE-2020-7656

Weakness Enumeration

Related Identifiers

Affected Products

References · 53