Reflected Cross-Site Scripting in jquery.terminal

GHSA-2hwp-g4g7-mwwj

Published May 29, 2019 · Modified Aug 31, 2020

Description

Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.

Recommendation

Upgrade to version 1.21.0 or later

References

WEB https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211
WEB https://www.npmjs.com/advisories/769

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes