Description
This is low impact and limited XSS, because code for XSS payload is always visible, but attacker can use other techniques to hide the code the victim sees.
Also if the application use execHash option and execute code from URL the attacker can use this URL to execute his code.
Recommendation
Update the jquery.terminal package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.31.1
- Patched version(s): 2.31.1
References
Related Issues
- pg-promise SQL Injection vulnerability - CVE-2025-29744
- njwt Prototype Pollution vulnerability - CVE-2024-34273
- Elliptic allows BER-encoded signatures - CVE-2024-42461
- ejs lacks certain pollution protection - CVE-2024-33883
- Tags:
- npm
- jquery.terminal
Anything's wrong? Let us know Last updated on January 30, 2023