\", which results in the enclosed script l"}},{"@type":"Question","name":"Is CVE-2020-7656 being actively exploited?","acceptedAnswer":{"@type":"Answer","text":"It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 6%."}},{"@type":"Question","name":"What products does CVE-2020-7656 affect?","acceptedAnswer":{"@type":"Answer","text":"Tracked products affected include PeopleSoft Enterprise PeopleTools. Check the version you run to see whether it is affected."}},{"@type":"Question","name":"How do I fix CVE-2020-7656?","acceptedAnswer":{"@type":"Answer","text":"Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version."}}]},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://isitpatched.com/"},{"@type":"ListItem","position":2,"name":"Actively exploited","item":"https://isitpatched.com/exploited"},{"@type":"ListItem","position":3,"name":"CVE-2020-7656","item":"https://isitpatched.com/cve/CVE-2020-7656"}]}]
Synced 19 Jun 2026 07:34 UTC Account
← All products

CVE-2020-7656

MEDIUM severity · CVSS 6.1 · Cross-site scripting (XSS)
6.1CVSS MEDIUM

Summary

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactLow
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)6%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products we track (1)

PeopleSoft Enterprise PeopleTools

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information