\", which results in the enclosed script logic to be","datePublished":"2020-05-19T00:00:00+00:00","dateModified":"2024-08-04T09:33:19.995000+00:00","inLanguage":"pt","author":{"@type":"Organization","name":"Vexday"},"publisher":{"@type":"Organization","name":"Vexday","url":"https://vexday.io"},"mainEntityOfPage":"https://vexday.io/pt/cve/CVE-2020-7656","keywords":"CVE-2020-7656","breadcrumb":{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Início","item":"https://vexday.io/pt"},{"@type":"ListItem","position":2,"name":"CVE-2020-7656"}]}}← voltar
CVE-2020-7656

CVE-2020-7656

EPSS 6.3%
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Produtos afetados
n/a · jquery
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/52141não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://security.netapp.com/advisory/ntap-20200528-0001/https://snyk.io/vuln/SNYK-JS-JQUERY-569619https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_UShttps://www.oracle.com/security-alerts/cpujul2022.html