jQuery – CVE-2020-7656

Description

Kayran has detected that the version of jQuery you use is vulnerable to Cross-site Scripting (XSS) attacks.
These attacks are made possible by the “load” method.

The “load” method does not recognize and remove “<script>” HTML tags that contain a whitespace character, for example “</script >”.
As a result, scripts inserted by an attacker are executed.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Upgrade the version of jQuery you use.
Make sure you upgrade to version 1.9.0 or higher.
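
As an added example (not Kayran's or jQuery's own code), the JavaScript below shows why a filter that only recognizes an exact “</script>” end tag leaves a block closed with “</script >” in place, and checks the jQuery versions referenced in a page against the 1.9.0 threshold above. The pattern STRICT_SCRIPT, the function names and the sample markup are assumptions constructed for illustration.

```javascript
// Added illustration, not jQuery's source. STRICT_SCRIPT is an assumed stand-in
// for a script-stripping filter that only accepts an exact "</script>" end tag.
const STRICT_SCRIPT = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;

// Remove <script> blocks the way a whitespace-intolerant filter would.
function stripScriptsStrict(html) {
  return html.replace(STRICT_SCRIPT, "");
}

// True when a <script> start tag is still present after filtering.
function scriptSurvives(html) {
  return /<script\b/i.test(stripScriptsStrict(html));
}

// Pull jQuery core versions out of script URLs such as "jquery-1.8.3.min.js"
// or "jquery/1.8.3/jquery.min.js". Plugins (jquery-ui-...) do not match.
function findJQueryVersions(html) {
  const re = /jquery[-\/@]v?(\d+\.\d+(?:\.\d+)?)/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// true = below 1.9.0 (the fixed version the advisory names),
// false = 1.9.0 or higher, null = unparseable, review by hand.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(version).trim());
  if (!m) return null;
  const got = [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
  const fixed = [1, 9, 0];
  for (let i = 0; i < 3; i++) {
    if (got[i] !== fixed[i]) return got[i] < fixed[i];
  }
  return false;
}

// Constructed sample inputs (harmless marker instead of a real payload).
const exactClose = "<p>ok</p><script>marker()</script>";
const spacedClose = "<p>ok</p><script>marker()</script >";
const samplePage =
  '<script src="/static/jquery-1.8.3.min.js"></script>' +
  '<script src="https://cdn.example/jquery/3.6.0/jquery.min.js"></script>' +
  '<script src="/static/jquery-ui-1.12.1.js"></script>';

console.log(scriptSurvives(exactClose), scriptSurvives(spacedClose));
for (const v of findJQueryVersions(samplePage)) {
  console.log(v, isAffected(v) ? "affected: upgrade" : "not affected");
}
```

The version scan only sees versions that appear in script URLs; bundled or renamed copies of jQuery need to be checked from the file contents.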

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

https://cwe.mitre.org/data/definitions/79.html
