CVE-2020-7656

EUVD-2020-0437
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
jqueryjquery
𝑥
< 1.9.0
oraclepeoplesoft_enterprise_peopletools
8.58
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappcloud_backup
-
netapponcommand_system_manager
3.0.0 ≤
𝑥
≤ 3.1.3
netappsnap_creator_framework
-
juniperjunos
21.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jquery
bionic
not-affected
eoan
ignored
focal
not-affected
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20200528-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-569619
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US
https://www.oracle.com/security-alerts/cpujul2022.html
https://security.netapp.com/advisory/ntap-20200528-0001/
https://snyk.io/vuln/SNYK-JS-JQUERY-569619
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US
https://www.oracle.com/security-alerts/cpujul2022.html