\", which results in the enclosed script logic to be","datePublished":"2020-05-19T00:00:00+00:00","dateModified":"2024-08-04T09:33:19.995000+00:00","inLanguage":"en","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/en/cve/CVE-2020-7656","keywords":"CVE-2020-7656","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://vexday.io/en"},{"@type":"ListItem","position":2,"name":"CVE-2020-7656"}]}}← back
CVE-2020-7656

CVE-2020-7656

EPSS 6.3%
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Affected products
n/a · jquery
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52141unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.netapp.com/advisory/ntap-20200528-0001/https://snyk.io/vuln/SNYK-JS-JQUERY-569619https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_UShttps://www.oracle.com/security-alerts/cpujul2022.html