Affected versions of
jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.
When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed.
Update to 1.3.4 or later.
publishedAdvisory publishedJul 25th, 2016
reportedInitial report by https://github.com/Monisha-MJul 25th, 2016