jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7656 - Vulnerability Database

jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7656

Medium
Reference: CVE-2020-7656
Title: jQuery Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove quotltscriptgtquot HTML tags that contain a whitespace character i.e: quotlt/script gtquot which results in the enclosed script logic to be executed.