6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7656

GHSA ID

GHSA-q4m3-2j7h-f7xw

EPSS Score

0.77111%

CWE

CWE-79

Published

5/20/2020

Updated

10/10/2024

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-7656

CVE-2020-7656:
Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove <script> HTML tags that contain a whitespace character, i.e: </script >, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 1.9.0 or later.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-7656

GHSA ID

GHSA-q4m3-2j7h-f7xw

EPSS Score

0.77111%

CWE

CWE-79

Published

5/20/2020

Updated

10/10/2024

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
jquery-rails	rubygems	< 2.2.0	2.2.0
jquery	npm	>= 1.2.1, < 1.9.0	1.9.0
jQuery	nuget	>= 1.2.1, < 1.9.0	1.9.0
org.webjars.npm:jquery	maven	>= 1.2.1, < 1.9.0	1.9.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

V*rsions o* `jqu*ry` prior to *.*.* *r* vuln*r**l* to *ross-Sit* S*riptin*. T** lo** m*t*o* **ils to r**o*niz* *n* r*mov* `<s*ript>` *TML t**s t**t *ont*in * w*it*sp*** ***r**t*r, i.*: `</s*ript >`, w*i** r*sults in t** *n*los** s*ript lo*i* to ** *x

Reasoning

No *n*lysis *v*il**l*

6.1

Basic Information

Concerned about an active attack path?

CVE-2020-7656: Cross-Site Scripting in jquery

Recommendation

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-7656:
Cross-Site Scripting in jquery

Vulnerability Intelligence
Miggo AI