Potential XSS in jQuery dependency in Mirador

Severity:: Medium

Description

Mirador users less than v3.0.0 (alpha-rc) versions that have an unpatched jQuery. When adopters update jQuery they will find some of Mirador functionality to be broken.

Recommendation

Update the mirador package to the latest compatible version. Followings are version details:

Affected version(s): <= 2.7.2
Patched version(s): 3.0.0-alpha.0

References

GHSA-hgwm-pv9h-q5m7
CWE-79
OWASP 2021-A3

Related Issues

Potential XSS vulnerability in jQuery - CVE-2020-11023
Potential XSS vulnerability in jQuery - jquery - CVE-2020-11022
a12nserver vulnerable to potential SQL Injections via Knex dependency - Vulnerability
rendertron XSS vulnerability - CVE-2017-18352

How to Secure your NodeJs Express Javascript Application - part 1

These 7 PHP mistakes leave your website open to the hackers

How do hackers hack websites?

Tags:: npm; mirador

Anything's wrong? Let us know Last updated on January 09, 2023