Description
Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag.
Recommendation
Update the jquery.json-viewer package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.0
- Patched version(s): 1.3.0
References
Related Issues
- Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
- Reflected Cross-Site Scripting in jquery.terminal - Vulnerability
- html2pdf.js contains a cross-site scripting vulnerability - CVE-2026-22787
- Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint - CVE-2025-65019
You might also like:
- Tags:
- npm
- jquery.json-viewer
Anything's wrong? Let us know Last updated on January 09, 2023