CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed.
Configurations

Configuration 1

cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*

Information

Published : 2020-05-19 09:15

Updated : 2022-07-25 06:15


NVD link : CVE-2020-7656

Mitre link : CVE-2020-7656

Products Affected
No products.
CWE