Description
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.0
- Patched version(s): 1.3.0
References
Related Issues
- Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
- Reflected Cross-Site Scripting in jquery.terminal - Vulnerability
- Vditor Cross-site Scripting vulnerability - CVE-2021-32855
- external-svg-loader Cross-site Scripting vulnerability - CVE-2023-40013
You might also like:
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on January 09, 2023


