Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03OW1wLWN4cDQtOXA2cs4AAwo2

Json2html vulnerable to cross-site scripting

Json2html is a client-side JavaScript HTML templating library with wrappers for both jQuery and Node.js. A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 can address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. The associated identifier of this vulnerability is VDB-216959.

Permalink: https://github.com/advisories/GHSA-79mp-cxp4-9p6r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03OW1wLWN4cDQtOXA2cs4AAwo2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-79mp-cxp4-9p6r, CVE-2018-25053
References: Repository: https://github.com/moappi/json2html
Blast Radius: 13.0

Affected Packages

npm:node-json2html
Dependent packages: 31
Dependent repositories: 134
Downloads: 67,985 last month
Affected Version Ranges: < 1.2.0
Fixed in: 1.2.0
All affected versions: 0.4.1, 1.0.0, 1.1.1
All unaffected versions: 1.2.0, 1.3.0, 1.4.0, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 3.0.0