Cross-site Scripting in jquery.json-viewer

Description

The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.

Recommendation

Update the jquery.json-viewer package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.5.0
• Patched version(s): 1.5.0

References

• GHSA-qp2q-6h9j-jg2r
• www.npmjs.com
• CVE-2022-30241
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-Site Scripting in jquery.json-viewer - jquery.json-viewer - Vulnerability
• Cross-site Scripting in tableexport.jquery.plugin - CVE-2022-1291
• jQuery-UI vulnerable to Cross-site Scripting in dialog closeText - CVE-2016-7103
• Cross-site Scripting in vditor - CVE-2022-0350

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jquery.json-viewer