jQuery – CVE-2020-7656

Description

Kayran has detected that the version of jQuery you use is vulnerable to Cross-site Scripting (XSS) attacks.
These attacks are possible through the “load” method.

The “load” method fails to recognize and remove “<script>” HTML tags that contain a whitespace character, for example “</script >”.
As a result, scripts inserted by an attacker are executed.

Recommendation

Upgrade the version of jQuery you use.
Make sure you upgrade to version 1.9.0 or higher.
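
One way to check a page against this recommendation, as an added example that is not Kayran's or jQuery's own code: it extracts core jQuery versions from script URLs in an HTML document and flags those below 1.9.0. The function names, the sample HTML and the treatment of 1.9.0 pre-releases as affected are assumptions.

```javascript
// Added example (constructed): flag jQuery builds below 1.9.0 referenced by a page.
const FIXED = [1, 9, 0]; // threshold taken from the recommendation above

// "1.10.2" -> { parts: [1, 10, 2], pre: false }; "1.9.0b1" -> pre: true
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(.*)$/.exec(String(text).trim());
  if (!m) return null;
  const pre = /^-?(alpha|beta|rc|pre|a|b)\.?\d*$/i.test(m[4]);
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3] || 0)], pre };
}

// true = below 1.9.0, false = 1.9.0 or higher, null = unparseable (review by hand).
function isAffected(versionText) {
  const v = parseVersion(versionText);
  if (!v) return null;
  for (let i = 0; i < 3; i++) {
    // Compare numerically: as strings, "1.10.2" would sort below "1.9.0".
    if (v.parts[i] !== FIXED[i]) return v.parts[i] < FIXED[i];
  }
  return v.pre; // assumption: a 1.9.0 beta/rc is treated as not yet fixed
}

// Core jQuery version from a script URL (file-name or CDN path style); plugins are ignored.
function versionFromSrc(src) {
  const m =
    /(?:^|\/)jquery[-.](\d+\.\d+(?:\.\d+)?[-\w]*?)(?:\.slim)?(?:\.min)?\.js(?:[?#]|$)/i.exec(src) ||
    /\/jquery\/(\d+\.\d+(?:\.\d+)?[-\w]*)\/jquery(?:\.min)?\.js/i.exec(src);
  return m ? m[1] : null;
}

function auditHtml(html) {
  const findings = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(re)) {
    const src = m[1] ?? m[2] ?? m[3];
    const version = versionFromSrc(src);
    if (version) findings.push({ src, version, affected: isAffected(version) });
  }
  return findings;
}

// Constructed sample page, not taken from any real site.
const SAMPLE_HTML = `
<script src="/js/jquery-1.8.3.min.js"></script>
<script src='https://cdn.example/libs/jquery/1.10.2/jquery.min.js'></script>
<script src="/js/jquery-ui-1.8.24.js"></script>
<script src=/js/jquery-1.9.0b1.js></script>`;
console.log(auditHtml(SAMPLE_HTML));
```

File names can be wrong or stripped by a bundler; in a browser console, `jQuery.fn.jquery` reports the version that is actually loaded.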

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656
