
CVE-2020-7656

Published: May 19, 2020
Source: redhat
CVSS3: 5.4

Description

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "

Report

Red Hat Enterprise Linux versions 6, 7 and 8 ship a vulnerable version of JQuery in the pcs component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | jquery-rails | Not affected | | |
| OpenShift Service Mesh 1 | kiali | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | | |
| Red Hat 3scale API Management Platform 2 | jquery | Will not fix | | |
| Red Hat Ceph Storage 3 | grafana | Not affected | | |
| Red Hat Ceph Storage 3 | grafana-container | Not affected | | |
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Not affected | | |
| Red Hat Enterprise Linux 6 | ipa | Not affected | | |
| Red Hat Enterprise Linux 6 | pcp | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1850119 jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces

CVSS3: 5.4 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 5 years ago

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

CVSS3: 6.1
nvd
about 5 years ago

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

CVSS3: 6.1
debian
about 5 years ago

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...

CVSS3: 6.1
github
about 5 years ago

Cross-Site Scripting in jquery

CVSS3: 6.1
fstec
about 5 years ago

A vulnerability in the jQuery library related to failure to take measures to protect the structure of the web page, allowing an attacker to carry out a cross-site scripting attack
