The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
References
Link | Resource |
---|---|
https://www.npmjs.com/package/jquery.json-viewer | Product Third Party Advisory |
https://github.com/abodelot/jquery.json-viewer/pull/26 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-05-04 11:15
Updated : 2022-05-13 10:24
NVD link : CVE-2022-30241
Mitre link : CVE-2022-30241
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
jquery_json-viewer_project
- jquery_json-viewer