First published: Tue May 19 2020
A flaw was found in jQuery in versions prior to 1.9.0. A cross-site scripting attack is possible because the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, so the enclosed script logic is executed. The highest threat from this vulnerability is to data confidentiality and integrity.
Credit: report@snyk.io
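The filtering failure described above, as an added JavaScript illustration (not jQuery's code and not part of the advisory): `STRICT_SCRIPT` is an assumed stand-in for a filter that recognises only the exact closing tag, and the function names and sample markup are constructed. It shows the strict filter missing a closing tag that contains whitespace, and a fail-closed check that rejects markup in which a script tag survived filtering.

```javascript
// Added illustration, not jQuery source. STRICT_SCRIPT is an assumed stand-in
// for a filter that only recognises the exact closing tag "</script>".
const STRICT_SCRIPT = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;

// Strip <script> elements the way a strict regex filter would.
function strictStrip(html) {
  return html.replace(STRICT_SCRIPT, "");
}

// HTML parsers accept whitespace before ">" in a tag, so "<script" or
// "</script" followed by whitespace, "/" or ">" still marks a script element.
function hasScriptTag(html) {
  return /<\/?script[\s\/>]/i.test(html);
}

// Fail closed: return the filtered markup only when no script tag survived.
function filterOrReject(html) {
  const filtered = strictStrip(html);
  return hasScriptTag(filtered) ? null : filtered;
}

// Constructed sample responses with a harmless placeholder body.
const SAMPLES = {
  standard: "<p>a</p><script>placeholder()</script><p>b</p>",
  whitespace: "<p>a</p><script>placeholder()</script ><p>b</p>",
};

// Summarise, per sample, whether a script tag slips past the strict filter
// and whether the fail-closed wrapper accepts the result.
function report() {
  return Object.entries(SAMPLES).map(([name, html]) => ({
    name,
    survivesStrictFilter: hasScriptTag(strictStrip(html)),
    accepted: filterOrReject(html) !== null,
  }));
}

console.table(report());
```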
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/qpid-dispatch | <0:1.13.0-3.el6_10 | 0:1.13.0-3.el6_10 |
redhat/qpid-dispatch | <0:1.13.0-3.el7 | 0:1.13.0-3.el7 |
redhat/qpid-dispatch | <0:1.13.0-3.el8 | 0:1.13.0-3.el8 |
redhat/pcs | <0:0.10.10-4.el8 | 0:0.10.10-4.el8 |
redhat/jquery | <1.9.0 | 1.9.0 |
Jquery Jquery Node.js | <1.9.0 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Netapp Active Iq Unified Manager Linux | ||
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
Netapp Cloud Backup | ||
NetApp OnCommand System Manager | >=3.0.0<=3.1.3 | |
NetApp Snap Creator Framework | ||
Juniper JUNOS | =21.2 | |
IBM Data Risk Manager | <=2.0.6 | |
maven/org.webjars.npm:jquery | >=1.2.1<1.9.0 | 1.9.0 |
nuget/jQuery | >=1.2.1<1.9.0 | 1.9.0 |
npm/jquery | >=1.2.1<1.9.0 | 1.9.0 |
rubygems/jquery-rails | <2.2.0 | 2.2.0 |
CVE-2020-7656 is a vulnerability in jQuery that allows for Cross-site Scripting attacks via the load method.
CVE-2020-7656 affects jQuery versions prior to 1.9.0.
The severity of CVE-2020-7656 is medium, with a severity value of 6.1.
To fix CVE-2020-7656, update jQuery to version 1.9.0 or later.
You can find more information about CVE-2020-7656 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-7656), [Snyk](https://snyk.io/vuln/SNYK-JS-JQUERY-569619), [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20200528-0001/).