Description
jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags whose closing tag contains a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed.
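The gap described above can be turned into a regression check for any script-stripping filter. This is an added example, not jQuery's code: both patterns, the helper names and the sample strings are constructed for illustration, and the strict pattern only models a filter that requires an exact "</script>" close tag.

```javascript
// Constructed model of a filter that only recognises an exact "</script>" close tag.
const STRICT_SCRIPT = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;

// Constructed variant that, like an HTML parser, accepts whitespace before
// the ">" of the close tag.
const TOLERANT_SCRIPT = /<script\b[^<]*(?:(?!<\/script\b)<[^<]*)*<\/script\b[^>]*>/gi;

// Remove every span the given pattern recognises as a script element.
function stripScripts(html, pattern) {
  return html.replace(pattern, "");
}

// True if a script start tag survived filtering.
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// Run each sample through the filter and record whether a script tag remains.
function audit(samples, pattern) {
  return samples.map((input) => {
    const output = stripScripts(input, pattern);
    return { input, output, residualScript: hasScriptElement(output) };
  });
}

// Constructed sample fragments: a normal close tag, the "</script >" form
// from the description, and a mixed-case close tag split by a newline.
const SAMPLES = [
  "<p>a</p><script>track()</script><p>b</p>",
  "<p>a</p><script>track()</script ><p>b</p>",
  "<p>a</p><SCRIPT>track()</SCRIPT\n><p>b</p>",
];

for (const [name, pattern] of [["strict", STRICT_SCRIPT], ["tolerant", TOLERANT_SCRIPT]]) {
  for (const row of audit(SAMPLES, pattern)) {
    console.log(name, JSON.stringify(row.input), "residual script:", row.residualScript);
  }
}
```

Matching the close tag more loosely closes this one gap only; a filter built on pattern matching still has to agree with the browser's parser on every other tag variant.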
Remediation
References