CVE-2020-7656: Cross-site Scripting
(updated )
JQuery allows Cross-site Scripting attacks via the load
method. The load
method fails to recognize and remove <script>
HTML tags that contain a whitespace character such as </script >
.
References
Detect and mitigate CVE-2020-7656 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →