CVE-2020-7656
- Source
- https://cve.org/CVERecord?id=CVE-2020-7656
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7656.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-7656
- Aliases
-
- GHSA-q4m3-2j7h-f7xw
- SNYK-JS-JQUERY-569619
- Downstream
- Related
- Published
- 2020-05-19T21:15:10.257Z
- Modified
- 2026-05-28T04:06:14.217656721Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "introduced": "3.0.0" }, { "last_affected": "3.1.3" } ], "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*" ], "vendor_product": "netapp:oncommand_system_manager" }, { "source": "CPE_STRING", "extracted_events": [ { "last_affected": "21.2-NA" } ], "cpes": [ "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*" ], "vendor_product": "juniper:junos" }, { "extracted_events": [ { "last_affected": "8.58" } ], "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*" ], "vendor_product": "oracle:peoplesoft_enterprise_peopletools" } ] }- References
-
- https://security.netapp.com/advisory/ntap-20200528-0001/
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://snyk.io/vuln/SNYK-JS-JQUERY-569619
Affected packages
Git / github.com/jquery/jquery
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jquery/jquery
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*", "extracted_events": [ { "introduced": "0" }, { "fixed": "1.9.0" } ], "source": "CPE_RANGE" }
Affected versions
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0a
1.1
1.1.1
1.1.2
1.1.3
1.1.3.1
1.1.3a
1.1.4
1.1a
1.1b
1.2
1.2.1
1.2.2
1.2.2b
1.2.2b2
1.2.3a
1.2.3b
1.2.4
1.2.4a
1.2.4b
1.2.5
1.3.1rc1
1.3b1
1.3b2
1.3rc1
1.4.3rc1
1.4.3rc2
1.4.4rc1
1.4.4rc2
1.4.4rc3
1.4a1
1.4a2
1.4rc1
1.5.1rc1
1.5.2rc1
1.5b1
1.5rc1
1.6.1rc1
1.6.2rc1
1.6.3rc1
1.6.4rc1
1.6b1
1.6rc1
1.7.1rc1
1.7.2b1
1.7.2rc1
1.7b1
1.7b2
1.7rc1
1.8b1
1.8b2
1.8rc1
1.9.0b1
1.9.0rc1