jQuery – CVE-2020-7656

Home » Blog » jQuery – CVE-2020-7656

Description

Kayran has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
These attacks are enabled by using the “load” method.

The “load” method cannot recognize and remove “<script>” HTML tags that could possibly contain a whitespace character. For example: “</script >”.
This will cause scripts inserted by an attacker to be executed.

Recommendation

Upgrade the version of the jquery you use.
Make sure you upgrade to version 1.9.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

< Return to all Vulnerabilities

WAF – Web Application Firewall

WAF, which stands for Web Application Firewall, helps protect web-based applications by blocking and preventing many common types of attacks which would otherwise have been

Understanding Attackers

Looking in the Attacker’s eyes – There are many ways we can do it. So when we want to achieve the goal of Understanding Attackers,

Your SQL got the I(njection)

We’ve talked about it before right? or am i the only one having a Deja-Vu? Or an SQL Injection? No on likes doctors, or needles,

Networking? – Social Engineering

In our time, we know that socializing has a very high importance and that every person (almost) has a basic need to maintain certain “connection”

SOC Analysts – The Front line

It is important to know that being vigilant is a very important trait in the field of information security, in this article we will discuss

A leaking faucet – Data Leaks\Breaches

Imagine you’re running a 400 million dollar company, you got the company’s car, insurance and maybe even dental care! Now imagine that all the information

WEB APPLICATION VULNERABILITY SCANNER