Description
Json2html is a client side javascript HTML templating library with wrappers for both jQuery and Node.js. A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely.
Recommendation
Update the node-json2html package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.2.0
- Patched version(s): 1.2.0
References
Related Issues
- Joplin Vulnerable to Cross-site Scripting in Note Content - CVE-2018-1000534
- metascraper before v5.2.0 vulnerable to stored cross-site scripting - CVE-2018-3773
- Bootstrap vulnerable to Cross-Site Scripting (XSS) - CVE-2018-14040
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
- Tags:
- npm
- node-json2html
Anything's wrong? Let us know Last updated on February 03, 2023