jQuery – CVE-2020-7656

Description

Cytrix has detected that the version of the jQuery you use is vulnerable to Cross-site Scripting attacks (XSS).
These attacks are enabled by using the “load” method.

The “load” method cannot recognize and remove “<script>” HTML tags that could possibly contain a whitespace character. For example: “</script >”.
This will cause scripts inserted by an attacker to be executed.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Upgrade the version of the jquery you use.
Make sure you upgrade to version 1.9.0 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656
https://cwe.mitre.org/data/definitions/79.html

Possible Social Security Number Disclosure

Description Cytrix has possibly detected a Social Security Number in your system. That means that...

Possible Credit Card Number Disclosure

Description Cytrix has possibly detected a Credit Card Number in your system. This exposure can...

Internal IP Disclosure

Description Cytrix has detected an internal IPv4 address in your system. Internal IP Disclosure...

External IP Disclosure

Description Cytrix has detected an external IPv4 address in your system. External IP Disclosure...