Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3AtZzRnNy1td3dq
Reflected Cross-Site Scripting in jquery.terminal
Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.
Recommendation
Upgrade to version 1.21.0 or later
Permalink: https://github.com/advisories/GHSA-2hwp-g4g7-mwwj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJod3AtZzRnNy1td3dq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
Identifiers: GHSA-2hwp-g4g7-mwwj
References:
- https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211
- https://www.npmjs.com/advisories/769
- https://github.com/advisories/GHSA-2hwp-g4g7-mwwj
Blast Radius: 0.0
Affected Packages
npm:jquery.terminal
Dependent packages: 24
Dependent repositories: 244
Downloads: 13,430 last month
Affected Version Ranges: < 1.21.0
Fixed in: 1.21.0
All affected versions: 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.11.7, 0.11.8, 0.11.9, 0.11.10, 0.11.11, 0.11.12, 0.11.13, 0.11.14, 0.11.15, 0.11.16, 0.11.17, 0.11.18, 0.11.19, 0.11.20, 0.11.21, 0.11.22, 0.11.23, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.14, 1.0.15, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.20.4, 1.20.5
All unaffected versions: 1.21.0, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.22.5, 1.22.6, 1.22.7, 1.23.0, 1.23.1, 1.23.2, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.8.0, 2.9.0, 2.10.0, 2.11.1, 2.12.0, 2.14.0, 2.14.1, 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.16.0, 2.16.1, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4, 2.17.5, 2.17.6, 2.18.0, 2.18.1, 2.18.2, 2.18.3, 2.19.0, 2.19.1, 2.19.2, 2.20.0, 2.20.1, 2.20.2, 2.21.0, 2.22.0, 2.23.0, 2.23.1, 2.23.2, 2.24.0, 2.25.0, 2.25.1, 2.26.0, 2.27.0, 2.27.1, 2.28.0, 2.28.1, 2.29.0, 2.29.1, 2.29.2, 2.29.3, 2.29.4, 2.30.0, 2.30.1, 2.30.2, 2.31.0, 2.31.1, 2.32.0, 2.32.1, 2.33.0, 2.33.1, 2.33.2, 2.33.3, 2.34.0, 2.35.0, 2.35.1, 2.35.2, 2.35.3, 2.36.0, 2.37.0, 2.37.1, 2.37.2, 2.38.0, 2.39.0, 2.39.1, 2.39.2, 2.39.3, 2.40.0, 2.40.1, 2.40.2, 2.40.3, 2.40.4, 2.40.5, 2.40.6, 2.41.0, 2.41.1, 2.41.2, 2.42.0, 2.42.1, 2.42.2, 2.43.0, 2.43.1, 2.44.0, 2.44.1