Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNjM2LWNycDMtbTU4NM053w
Cross-site Scripting in tableexport.jquery.plugin
There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sessions to third-party servers.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNjM2LWNycDMtbTU4NM053w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-j636-crp3-m584, CVE-2022-1291
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-1291
- https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9
- https://huntr.dev/bounties/49a14371-6058-47dd-9801-ec38a7459fc5
- https://github.com/advisories/GHSA-j636-crp3-m584
Blast Radius: 11.7
Affected Packages
npm:tableexport.jquery.plugin
Dependent packages: 3Dependent repositories: 144
Downloads: 29,544 last month
Affected Version Ranges: < 1.25.0
Fixed in: 1.25.0
All affected versions: 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.5, 1.9.8, 1.9.9, 1.9.11, 1.9.12, 1.9.13, 1.9.14, 1.9.15, 1.9.16, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 1.10.16, 1.10.17, 1.10.18, 1.10.19, 1.10.20, 1.10.21, 1.10.22, 1.10.23, 1.10.24, 1.10.25, 1.10.26, 1.20.0, 1.20.1, 1.20.2, 1.21.0, 1.22.0, 1.23.0
All unaffected versions: 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0