Description

Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.

Remediation

References

https://github.com/josdejong/jsoneditor/issues/1029

Related Vulnerabilities

CVE-2020-28267 Vulnerability in npm package @strikeentco/set

CVE-2022-35204 Vulnerability in npm package vite

CVE-2022-25916 Vulnerability in npm package mt7688-wiscan

CVE-2010-2273 Vulnerability in npm package dojo

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory