VYPR
High severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021

Cross-Site Scripting in jqtree

CVE-2016-1000234

Description

Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.

When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed.

Recommendation

Update to 1.3.4 or later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jqtreenpm
< 1.3.41.3.4

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.