Описание
Cross-site Scripting in jquery.json-viewer
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Пакеты
Наименование
jquery.json-viewer
npm
Затронутые версииВерсия исправления
< 1.5.0
1.5.0
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.