Description
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.0
- Patched version(s): 1.5.0
References
Related Issues
- Cross-Site Scripting in jquery.json-viewer (GHSA-v9wp-8r97-v6xg) - Vulnerability
- Cross-site Scripting in tableexport.jquery.plugin - CVE-2022-1291
- Cross-site Scripting in vditor - CVE-2022-0350
- Joplin Desktop App vulnerable to Cross-site Scripting - CVE-2022-45598
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on February 01, 2023