Описание
Cross-Site Scripting in jqtree
Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.
When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed.
Recommendation
Update to 1.3.4 or later.
Пакеты
Наименование
jqtree
npm
Затронутые версииВерсия исправления
<= 1.3.3
1.3.4
CVE ID
Дефекты
CWE-79
Связанные уязвимости
CVE ID
Дефекты
CWE-79