jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove quotltscriptgtquot HTML tags that contain a whitespace character i.e: quotlt/script gtquot which results in the enclosed script logic to be executed.