\", which results in the enclosed script logic to be","datePublished":"2020-05-19T00:00:00+00:00","dateModified":"2024-08-04T09:33:19.995000+00:00","inLanguage":"es","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/es/cve/CVE-2020-7656","keywords":"CVE-2020-7656","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Inicio","item":"https://vexday.io/es"},{"@type":"ListItem","position":2,"name":"CVE-2020-7656"}]}}← volver
CVE-2020-7656

CVE-2020-7656

EPSS 6.3%
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Productos afectados
n/a · jquery
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/52141no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://security.netapp.com/advisory/ntap-20200528-0001/https://snyk.io/vuln/SNYK-JS-JQUERY-569619https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_UShttps://www.oracle.com/security-alerts/cpujul2022.html