jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7656 - Vulnerability Database

jQuery

jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7656

Medium

Reference: CVE-2020-7656

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-7656

Title: jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove quotltscriptgtquot HTML tags that contain a whitespace character i.e: quotlt/script gtquot which results in the enclosed script logic to be executed.