Description
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.0
- Patched version(s): 1.5.0
References
Related Issues
- Cross-Site Scripting in jquery.json-viewer (GHSA-v9wp-8r97-v6xg) - Vulnerability
- Cross-site Scripting in tableexport.jquery.plugin - CVE-2022-1291
- @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350
- Cross-site Scripting in fullpage.js - CVE-2022-1330
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on February 01, 2023