jQuery – CVE-2020-7656

Home » Blog » jQuery – CVE-2020-7656

Description

Kayran has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
These attacks are enabled by using the “load” method.

The “load” method cannot recognize and remove “<script>” HTML tags that could possibly contain a whitespace character. For example: “</script >”.
This will cause scripts inserted by an attacker to be executed.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Upgrade the version of the jquery you use.
Make sure you upgrade to version 1.9.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Models – CIA and AAA

The field of information security is based on a number of basic principles that are important for us. Each principle is part of two main

Hackers hat shop – The many types of hackers

In our world there are many types of people, people that we trust, those who cannot be trusted, liars, suspicious types, amateur and “Noobs” as

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We