CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
We have discovered 2,114,463 live websites that are affected by CVE-2020-7656.
Affected Software
| Product |  jQuery |
| Category | JavaScript Libraries |
| Vulnerable Domains | 2,114,463 live websites (10.97% of jQuery install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 410 versions ( 49.64% of all versions) |
Details
- Published - May 19, 2020
- Updated - Aug 4, 2024
CVE References
CVE-2020-7656 usage by Country
 United States | 787,206 websites |
 Germany | 192,189 websites |
 China | 148,848 websites |
 Japan | 135,261 websites |
 Russia | 106,200 websites |
 France | 84,460 websites |
 GB | 52,358 websites |
 Poland | 42,974 websites |
 Hong Kong | 42,111 websites |
 Netherlands | 39,127 websites |
CVE-2020-7656 usage by TLD
| .com | 1,005,826 websites |
| .de | 129,278 websites |
| .ru | 94,462 websites |
| .org | 90,144 websites |
| .net | 79,803 websites |
| .co.uk | 46,690 websites |
| .jp | 37,872 websites |
| .nl | 36,117 websites |
| .pl | 33,811 websites |
| .cn | 31,381 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-7656
Top websites that are affected by CVE-2020-7656. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *** | |
| ******.ru | Russia | *** | |
| *****************.com | United States | *** | |
| ***.****.ru | Russia | *** | |
| **.ru | Russia | *** | |
| ************.ru | Russia | *** | |
| **.******.com |  Canada | *** | |
| *********.com | United States | *** | |
| ************.com | United States | *,*** | |
| ****.org | United States | *,*** |
FAQ
A total of 2,114,463 websites have been identified as vulnerable to CVE-2020-7656, discovered through global website indexing conducted by WebTechSurvey.
jQuery is susceptible to CVE-2020-7656 vulnerability.
jQuery versions before 1.9 are vulnerable to CVE-2020-7656.
Version 1.9 of jQuery addresses the CVE-2020-7656 security vulnerability.
References
- https://security.netapp.com/advisory/ntap-20200528-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://snyk.io/vuln/SNYK-JS-JQUERY-569619
- https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US