jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove “<script>” HTML tags that contain a whitespace character, i.e: “</script >”, which results in the enclosed script logic to be executed.
CPE | Name | Operator | Version |
---|---|---|---|
jquery | lt | 1.9.0 | |
junos | eq | 21.2 | |
oncommand_system_manager | ge | 3.0.0 | |
oncommand_system_manager | le | 3.1.3 | |
peoplesoft_enterprise_peopletools | eq | 8.58 |