Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7656)

Description

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

Remediation

References

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Best Sellers Security Bypass (1.1.11)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5097)

WordPress Plugin GiveWP-Donation and Fundraising Platform Security Bypass (2.5.9)

Oracle JRE CVE-2024-20918 Vulnerability (CVE-2024-20918)

WordPress Plugin WP Ad Guru Lite Cross-Site Scripting (1.6.0)

Severity

Medium

Classification

CVE-2020-7656 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities