Description
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.0
- Patched version(s): 1.3.0
References
Related Issues
- Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
- bootstrap Cross-site Scripting vulnerability (GHSA-ph58-4vrj-w6hr) - CVE-2018-20677
- Bootstrap Cross-site Scripting vulnerability (GHSA-pj7m-g53m-7638) - CVE-2018-14041
- Joplin Cross-site Scripting vulnerability (GHSA-7grw-xfx6-qhx6) - CVE-2023-37298
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on January 09, 2023