jquery before 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jquery jquery |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
netapp snap creator framework - |
||
netapp cloud backup - |
||
netapp oncommand system manager |
||
netapp active iq unified manager - |
||
juniper junos 21.2 |