logo

Database

Reflected cross-site scripting (XSS) In jquery.json-viewer

Description

Cross-Site Scripting in jquery.json-viewer Versions of jquery.json-viewer prior to 1.3.0 are vulnerable to Cross-Site Scripting (XSS). The package insufficiently sanitizes user input when creating links, and concatenates the user input in an <a> tag. This allows attackers to create malicious links with JSON payloads such as:

{
  "foo": "https://bar.com\" onmouseover=alert('xss') \""
}

This may lead to arbitrary JavaScript execution in a victim's browser.

Recommendation

Upgrade to version 1.3.0 or later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-v9wp-8r97-v6xg

References

1. https://www.npmjs.com/advisories/1036

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.