You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
mend-for-github-combot
changed the title
CVE-2020-7656 (Medium) detected in jquery-1.3.2.min.js, jquery-1.4.2.min.js
CVE-2020-7656 (Medium) detected in jquery-1.3.2.min.js
Sep 12, 2022
mend-for-github-combot
changed the title
CVE-2020-7656 (Medium) detected in jquery-1.3.2.min.js
CVE-2020-7656 (Medium) detected in jquery-1.3.2.min.js, jquery-1.4.2.min.js
Jan 5, 2023
mend-for-github-combot
changed the title
CVE-2020-7656 (Medium) detected in jquery-1.3.2.min.js, jquery-1.4.2.min.js
CVE-2020-7656 (Medium) detected in jquery-1.4.2.min.js
Jan 9, 2023
CVE-2020-7656 - Medium Severity Vulnerability
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.2/jquery.min.js
Path to vulnerable library: /facebook-oauth2/public/js/jquery-1.4.2.min.js,/twitter-oauth/public/js/jquery-1.4.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 8ba9b71f88d013f157aff1fafc35b1d5eef23af0
Found in base branch: master
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q4m3-2j7h-f7xw
Release Date: 2020-05-19
Fix Resolution: jquery - 1.9.0
The text was updated successfully, but these errors were encountered: