Description
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.5.0
- Patched version(s): 1.5.0
References
Related Issues
- Cross-Site Scripting in jquery.json-viewer - jquery.json-viewer - Vulnerability
- Cross-site Scripting in tableexport.jquery.plugin - CVE-2022-1291
- @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350
- tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload - CVE-2022-25854
You might also like:
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on February 01, 2023