Description
Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.
Recommendation
Update the jquery.terminal package to the latest compatible version. The version details are as follows:
- Affected version(s): < 1.21.0
- Patched version(s): 1.21.0
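One way to check a project against the affected range above, as an added example (not code from this advisory or from the jquery.terminal project): it walks a parsed package-lock.json in either lockfile layout and reports every installed copy of jquery.terminal below 1.21.0. The function names are hypothetical, and treating unparseable versions as affected is an assumption made so they get a manual look.

```javascript
// Added example: audit a parsed package-lock.json for jquery.terminal < 1.21.0.
const PKG = 'jquery.terminal';
const PATCHED = [1, 21, 0]; // first patched release, per this advisory

// Parse "major.minor.patch[-pre][+build]" into numbers; null if not parseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version sorts below 1.21.0. Unparseable versions (git URLs,
// tarballs) are reported as affected so a human reviews them (assumption).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // a pre-release such as 1.21.0-beta.1 precedes 1.21.0
}

// Collect every installed copy, including nested ones, from either lockfile layout.
function findInstalls(lock) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      found.push({ path, version: info.version });
    }
  }
  if (found.length) return found;
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG) found.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return found;
}

// Returns [{ path, version }] for each copy that falls in the affected range.
function audit(lock) {
  return findInstalls(lock).filter((i) => isAffected(i.version));
}
```

Call `audit(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))` from a Node script; an empty array means no installed copy is in the affected range.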
Related Issues
- Cross-Site Scripting in jquery.json-viewer (GHSA-v9wp-8r97-v6xg) - Vulnerability
- Reflected Cross-Site Scripting in redis-commander - Vulnerability
- VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) - CVE-2024-52809
Tags: npm, jquery.terminal
Last updated on January 09, 2023