jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20200528-0001/ | Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-JQUERY-569619 | Exploit Third Party Advisory |
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Jun 2023, 19:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200528-0001/ - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (MISC) https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US - Third Party Advisory | |
First Time |
Netapp snap Creator Framework
Netapp active Iq Unified Manager Juniper junos Netapp Oracle Oracle peoplesoft Enterprise Peopletools Netapp oncommand System Manager Juniper Netapp cloud Backup |
13 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-05-19 21:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-7656
Mitre link : CVE-2020-7656
CVE.ORG link : CVE-2020-7656
JSON object : View
Products Affected
jquery
- jquery
netapp
- active_iq_unified_manager
- snap_creator_framework
- cloud_backup
- oncommand_system_manager
juniper
- junos
oracle
- peoplesoft_enterprise_peopletools
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')