jQuery – CVE-2020-7656

Home » Blog » jQuery – CVE-2020-7656

Description

Kayran has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
These attacks are enabled by using the “load” method.

The “load” method cannot recognize and remove “<script>” HTML tags that could possibly contain a whitespace character. For example: “</script >”.
This will cause scripts inserted by an attacker to be executed.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Upgrade the version of the jquery you use.
Make sure you upgrade to version 1.9.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Enterprise Mobility – BYOD vs. CYOD

We know that “demarcation” of our Enterprise Mobility is very important in the field of Information Security especially when we talk about the devices being

The least choking snake – Python

Nice title does it? No but seriously, tell it to my boss. but seriously-Seriously, in this article we are gonna talk about Python, and no,

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Playing Online? Dangers that exist in Online Games

Browser Games? Is it Safe to be Playing Online? What are Dangers that exist in Online Games? Is it better to download and play software

Cyberbullying – We Need to Talk About it

Disclaimer: We in Kayran do not support or encourage any forms or acts of Cyber-bullying. We do not intend to hurt or make fun of

WEB APPLICATION VULNERABILITY SCANNER