npm

Severity: high

Cross-Site Scripting

jqtree

Overview

Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.

When a user drags a node to a different position in the hierarchy, script content contained in that node is executed.

Remediation

Update to 1.3.4 or later.
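To apply this remediation across a project, the following added example (not code from the advisory or from jqtree) scans a parsed package-lock.json for jqtree installs that sort before 1.3.4. It assumes every release earlier than the fixed version is affected, since the advisory does not list affected versions; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag jqtree installs older than the fixed release named in the advisory.
const FIXED = [1, 3, 4]; // "Update to 1.3.4 or later" (from the advisory)

// Parse "1.3.3", "v1.3.3" or "1.3.4-beta.1" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version sorts before 1.3.4. Unparseable versions are flagged for manual review.
// Assumption: all releases before the fixed version are treated as affected.
function isBelowFixed(v) {
  const p = parseVersion(v);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // a prerelease such as 1.3.4-beta.1 precedes 1.3.4
}

// Collect every jqtree entry from a lockfile: v2/v3 "packages" map, or v1 nested "dependencies".
function findJqtree(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/jqtree$/.test(path)) hits.push({ path, version: info.version });
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "jqtree") hits.push({ path, version: info.version });
      walk(info.dependencies, path + "/"); // transitive copies nest here in v1 lockfiles
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, vulnerable: isBelowFixed(h.version) }));
}

// Constructed sample lockfile: one direct install and one nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/jqtree": { version: "1.3.3" },
    "node_modules/widget/node_modules/jqtree": { version: "1.4.0" },
  },
};
console.log(findJqtree(sampleLock));
```

Nested copies matter here: a transitive dependency can pin its own older jqtree even after the top-level package is updated.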

Advisory timeline

  1. published
     Advisory published
     Jul 25th, 2016
  2. reported
     Initial report by https://github.com/Monisha-M
     Jul 25th, 2016