Fluid Attacks Database

Description

Reflected Cross-Site Scripting in jquery.terminal Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.

Recommendation

Upgrade to version 1.21.0 or later

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	jquery.terminal	>=0 <1.21.0	1.21.0

Aliases

1. GCVE-GHSA-2hwp-g4g7-mwwj

References

1. https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c6340462112. https://www.npmjs.com/advisories/769

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.