CVE-2020-7656
Description
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove , which results in the enclosed script logic to be executed.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.105
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Nessus Agent (10.5.0) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.5.0) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.5.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows |
| Vulnerabilities CVE-2012-6708,CVE-2020-7656 are fixed in WebJars - jquery 1.9.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0 | Windows |
| Vulnerabilities CVE-2012-6708,CVE-2020-7656 are fixed in Ruby-jquery-rails 2.2.0 | Windows |
| Vulnerabilities CVE-2020-7656 are fixed in Nuget - jQuery 1.9.0 | Windows |
| Vulnerabilities CVE-2012-6708,CVE-2020-7656 are fixed in WebJars - jquery for Linux 1.9.0 | Linux |
| Vulnerabilities CVE-2012-6708,CVE-2020-7656 are fixed in Ruby-jquery-rails for Linux 2.2.0 | Linux |
| Vulnerabilities CVE-2020-7656 are fixed in Nuget - jQuery for Linux 1.9.0 | Linux |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2020-7656) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234