CPANSA-Sidef-2020-7656-jquery: Sidef vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2020-05-19T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2020-05-19T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	6.1	Severity	Medium
Original language		Language	en
Also referred to

Vulnerability Description

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed.

Vulnerabilities

CVE-2020-7656

Vulnerability Description

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed.

Weakness	CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Known affected

Product

Score

Sidef greater than or equal 0.06 and less than or equal 22.07

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	6.1	Medium
2.0	AV:N/AC:M/Au:N/C:N/I:P/A:N	4.3	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Sidef-2020-7656-jquery JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2020/cpansa-sidef-2020-7656-jquery.json
https://snyk.io/vuln/SNYK-JS-JQUERY-569619 external
https://snyk.io/vuln/SNYK-JS-JQUERY-569619
https://security.netapp.com/advisory/ntap-20200528-0001/ external
https://security.netapp.com/advisory/ntap-20200528-0001/
CVE-2020-7656 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2020-7656

Revision history

Version	Date of the revision	Summary of the revision
1	Tue May 19 00:00:00 2020	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/