Lucene search

[email protected]NVD:CVE-2020-7656

HistoryMay 19, 2020 - 9:15 p.m.

CVE-2020-7656

2020-05-1921:15:10

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove “<script>” HTML tags that contain a whitespace character, i.e: “</script >”, which results in the enclosed script logic to be executed.

Affected configurations

Nvd

Node

jqueryjqueryRange<1.9.0node.js

Node

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

Node

netappactive_iq_unified_managerMatch-linux

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

netappcloud_backupMatch-

netapponcommand_system_managerRange3.0.0–3.1.3

netappsnap_creator_frameworkMatch-

Node

juniperjunosMatch21.2-

VendorProductVersionCPE
jqueryjquery*cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*
oraclepeoplesoft_enterprise_peopletools8.58cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netappcloud_backup-cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netapponcommand_system_manager*cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
netappsnap_creator_framework-cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
juniperjunos21.2cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
jquery	jquery	*	cpe:2.3:a:jquery:jquery::::::node.js::*
oracle	peoplesoft_enterprise_peopletools	8.58	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
netapp	cloud_backup	-	cpe:2.3:a:netapp:cloud_backup:-:::::::*
netapp	oncommand_system_manager	*	cpe:2.3:a:netapp:oncommand_system_manager::::::::
netapp	snap_creator_framework	-	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*
juniper	junos	21.2	cpe:2.3:o:juniper:junos:21.2:-::::::