CVE-2020-7656
- Source
- https://cve.org/CVERecord?id=CVE-2020-7656
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7656.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-7656
- Aliases
- Downstream
- Related
- Published
- 2020-05-19T21:15:10.257Z
- Modified
- 2026-04-10T04:28:08.992045Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
- References
-
- https://security.netapp.com/advisory/ntap-20200528-0001/
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://snyk.io/vuln/SNYK-JS-JQUERY-569619
Affected packages
Git / github.com/jquery/jquery
Affected versions
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0a
1.1
1.1.1
1.1.2
1.1.3
1.1.3.1
1.1.3a
1.1.4
1.1a
1.1b
1.2
1.2.1
1.2.2
1.2.2b
1.2.2b2
1.2.3a
1.2.3b
1.2.4
1.2.4a
1.2.4b
1.2.5
1.3.1rc1
1.3b1
1.3b2
1.3rc1
1.4.3rc1
1.4.3rc2
1.4.4rc1
1.4.4rc2
1.4.4rc3
1.4a1
1.4a2
1.4rc1
1.5.1rc1
1.5.2rc1
1.5b1
1.5rc1
1.6.1rc1
1.6.2rc1
1.6.3rc1
1.6.4rc1
1.6b1
1.6rc1
1.7.1rc1
1.7.2b1
1.7.2rc1
1.7b1
1.7b2
1.7rc1
1.8b1
1.8b2
1.8rc1
1.9.0b1
1.9.0rc1
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.58"
}
]
},
{
"events": [
{
"introduced": "3.0.0"
},
{
"last_affected": "3.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "21.2-NA"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7656.json"