Medium severity6.1NVD Advisory· Published May 19, 2020· Updated Jun 17, 2026
CVE-2020-7656
CVE-2020-7656
Description
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jquerynpm | >= 1.2.1, < 1.9.0 | 1.9.0 |
jQueryNuGet | >= 1.2.1, < 1.9.0 | 1.9.0 |
jquery-railsRubyGems | < 2.2.0 | 2.2.0 |
org.webjars.npm:jqueryMaven | >= 1.2.1, < 1.9.0 | 1.9.0 |
Affected products
7- ghsa-coords6 versionspkg:gem/jquery-railspkg:maven/org.webjars.npm/jquerypkg:npm/jquerypkg:nuget/jquerypkg:rpm/almalinux/pcspkg:rpm/almalinux/pcs-snmp
< 2.2.0+ 5 more
- (no CPE)range: < 2.2.0
- (no CPE)range: >= 1.2.1, < 1.9.0
- (no CPE)range: >= 1.2.1, < 1.9.0
- (no CPE)range: >= 1.2.1, < 1.9.0
- (no CPE)range: < 0.10.10-4.el8.alma
- (no CPE)range: < 0.10.10-4.el8.alma
Patches
Vulnerability mechanics
References
13- snyk.io/vuln/SNYK-JS-JQUERY-569619nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-q4m3-2j7h-f7xwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7656ghsaADVISORY
- security.netapp.com/advisory/ntap-20200528-0001/nvdThird Party Advisory
- supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1nvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2022.htmlnvdThird Party AdvisoryWEB
- github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.jsghsaWEB
- github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457dghsaWEB
- github.com/jquery/jquery/commit/606b863edaff29035960e4d813b45d63b8d92876ghsaWEB
- github.com/rails/jquery-rails/blob/master/CHANGELOG.mdghsaWEB
- github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.jsghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-7656.ymlghsaWEB
- security.netapp.com/advisory/ntap-20200528-0001ghsaWEB
News mentions
0No linked articles in our index yet.