Description
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.0
- Patched version(s): 1.3.0
References
Related Issues
- Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
- Cross-Site Scripting in swagger-ui (GHSA-vp93-gcx5-4w52) - Vulnerability
- Cross-Site Scripting in swagger-ui (GHSA-388g-jwpg-x6j4) - Vulnerability
- Cross-Site Scripting in bootstrap-select (GHSA-9r7h-6639-v5mw) - Vulnerability
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on January 09, 2023