Cross-site Scripting in tableexport.jquery.plugin

Severity:: Medium

Description

There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers.

Recommendation

Update the tableexport.jquery.plugin package to the latest compatible version. Followings are version details:

Affected version(s): < 1.25.0
Patched version(s): 1.25.0

References

GHSA-j636-crp3-m584
huntr.dev
CVE-2022-1291
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
Cross-site Scripting in vditor - CVE-2022-0350
Cross site scripting in mobiledoc-kit - CVE-2022-2932
Jodit Editor vulnerable to Cross-site Scripting (GHSA-42hx-vrxx-5r6v) - CVE-2022-23461

Tags:: npm; tableexport.jquery.plugin

Anything's wrong? Let us know Last updated on January 27, 2023