VYPR
\", which results in the enclosed script logic to be executed.","datePublished":"2020-05-19T21:15:10.257Z","dateModified":"2026-06-17T03:25:12.767Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2020-7656","name":"CVE-2020-7656","identifier":"CVE-2020-7656","description":"jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\", which results in the enclosed script logic to be executed.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656"]},"keywords":"CVE-2020-7656, Medium, CWE-79, jQuery jQuery","mentions":[{"@type":"SoftwareApplication","name":"jQuery","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"jQuery"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2020-7656","item":"https://portal.vyprsec.ai/cves/CVE-2020-7656"}]}]}
Medium severity6.1NVD Advisory· Published May 19, 2020· Updated Jun 17, 2026

CVE-2020-7656

CVE-2020-7656

Description

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jquerynpm
>= 1.2.1, < 1.9.01.9.0
jQueryNuGet
>= 1.2.1, < 1.9.01.9.0
jquery-railsRubyGems
< 2.2.02.2.0
org.webjars.npm:jqueryMaven
>= 1.2.1, < 1.9.01.9.0

Affected products

7

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.