jQuery – CVE-2020-7656

Home » blog » jQuery – CVE-2020-7656

Description

Kayran has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
These attacks are enabled by using the “load” method.

The “load” method cannot recognize and remove “<script>” HTML tags that could possibly contain a whitespace character. For example: “</script >”.
This will cause scripts inserted by an attacker to be executed.

Recommendation

Upgrade the version of the jquery you use.
Make sure you upgrade to version 1.9.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

< Return to all Vulnerabilities

A funny word that is not funny – Proxy

We’ve talked about a lot of funny words in the past, and if you’re here, you must have heard the word Proxy at least twice,

Designing our Web Apps – CSS

The CSS language which are the initials of Cascading Style Sheets, similar to HTML, CSS is not a programming language, it’s belong to a group

Baby steps – getting into the PT industry

By raising hands please tell me ; WHO LIKES MONEY ? I bet none of you kept his hand low, and that’s fine, we love

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

WEB APPLICATION VULNERABILITY SCANNER