Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.webjars.npm/jquery@1.2.1
purl pkg:maven/org.webjars.npm/jquery@1.2.1
Tags Ghost
Next non-vulnerable version 3.5.0
Latest non-vulnerable version 3.5.0
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-dakh-ccnn-xfan
Aliases:
CVE-2020-7656
GHSA-q4m3-2j7h-f7xw
Cross-Site Scripting in jquery Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `<script>` HTML tags that contain a whitespace character, i.e: `</script >`, which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a victim's browser. ## Recommendation Upgrade to version 1.9.0 or later.
1.9.0
Affected by 0 other vulnerabilities.
1.9.1
Affected by 5 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:36:45.439489+00:00 GitLab Importer Affected by VCID-dakh-ccnn-xfan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/jquery/CVE-2020-7656.yml 38.0.0
2026-04-01T15:58:09.142255+00:00 GHSA Importer Affected by VCID-dakh-ccnn-xfan https://github.com/advisories/GHSA-q4m3-2j7h-f7xw 38.0.0