MEDIUM · 6.1

CVE-2020-7656

Vulnerability Description

jQuery prior to 1.9.0 allows Cross-site Scripting (XSS) attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags whose closing tag contains a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed.
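The filtering gap described above, as an added example that is not from this page or from jQuery's source: the two regexes are constructed models of a strict and a tolerant script filter, and all function names and sample strings are assumptions made for illustration.

```javascript
// Added example: constructed models of regex-based <script> stripping (not jQuery's source).

// Strict filter: only the exact closing tag "</script>" ends a script element.
const STRICT = /<script\b[^>]*>[\s\S]*?<\/script>/gi;
// Tolerant filter: the closing tag may carry whitespace or other text before ">",
// which is how HTML parsers treat "</script >".
const TOLERANT = /<script\b[^>]*>[\s\S]*?<\/script\b[^>]*>/gi;

function stripScripts(html, pattern) {
  return html.replace(pattern, "");
}

// True when an opening <script> tag is still present after filtering.
function hasScriptResidue(html) {
  return /<script\b/i.test(html);
}

// True for versions below 1.9.0, the boundary given in the description.
// Pre-release suffixes (e.g. "1.9.0b1") are ignored by this numeric comparison.
function isAffectedJQuery(version) {
  const parts = String(version).split(".").map((p) => parseInt(p, 10) || 0);
  const fixed = [1, 9, 0];
  for (let i = 0; i < fixed.length; i++) {
    const cur = parts[i] || 0;
    if (cur !== fixed[i]) return cur < fixed[i];
  }
  return false;
}

// Constructed sample responses; the script body is an inert marker assignment.
const NORMAL = '<div id="c">ok</div><script>window.__demo = 1</script>';
const SPACED = '<div id="c">ok</div><script>window.__demo = 1</script >';

function report() {
  return {
    strictNormal: hasScriptResidue(stripScripts(NORMAL, STRICT)),
    strictSpaced: hasScriptResidue(stripScripts(SPACED, STRICT)),
    tolerantSpaced: hasScriptResidue(stripScripts(SPACED, TOLERANT)),
  };
}

console.log(report());
for (const v of ["1.8.3", "1.9.0", "1.12.4"]) {
  console.log(v, isAffectedJQuery(v) ? "affected" : "not affected");
}
```

A tolerant regex closes this one gap but is not a complete HTML sanitizer; the version check is the part to use when inventorying deployed copies of the library.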

CVSS Score

6.1 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
jQuery | jQuery | < 1.9.0
Oracle | PeopleSoft Enterprise PeopleTools | 8.58
NetApp | Active IQ Unified Manager | -
NetApp | Cloud Backup | -
NetApp | OnCommand System Manager | >= 3.0.0, <= 3.1.3
NetApp | Snap Creator Framework | -
Juniper | Junos | 21.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-7656?

CVE-2020-7656 is a vulnerability with a CVSS score of 6.1 (MEDIUM). jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >"...

How severe is CVE-2020-7656?

CVE-2020-7656 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-7656?

Check the references section above for vendor advisories and patch information. Affected products include: jQuery, Oracle PeopleSoft Enterprise PeopleTools, NetApp Active IQ Unified Manager, NetApp Cloud Backup, NetApp OnCommand System Manager.