jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2020-05-19T00:00:00
Updated: 2024-08-04T09:33:19.995Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7656
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-05-19T21:15:10.257
Modified: 2023-06-22T19:49:24.680
Link: CVE-2020-7656
Redhat