Description
Mirador users less than v3.0.0 (alpha-rc) versions that have an unpatched jQuery. When adopters update jQuery they will find some of Mirador functionality to be broken.
Recommendation
Update the mirador package to the latest compatible version. Followings are version details:
- Affected version(s): <= 2.7.2
- Patched version(s): 3.0.0-alpha.0
References
Related Issues
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- Potential XSS vulnerability in jQuery (GHSA-gxr4-xjj5-5px2) - CVE-2020-11022
- a12nserver vulnerable to potential SQL Injections via Knex dependency - Vulnerability
- XSS in the `altField` option of the Datepicker widget in jquery-ui - CVE-2021-41182
- Tags:
- npm
- mirador
Anything's wrong? Let us know Last updated on January 09, 2023