This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
CVE-2016-1000234 - High Severity Vulnerability
Vulnerable Library - tree.jquery-0.22.0.js
Tree widget for jQuery
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqtree/0.22.0/tree.jquery.js
Path to vulnerable library: /.22/tree.jquery.js
Dependency Hierarchy:
- :x: **tree.jquery-0.22.0.js** (Vulnerable Library)
Found in HEAD commit: 12af4f854b64888df6e4492ecc94e141388e939a
Found in base branch: master
Vulnerability Details
jqtree versions before 1.3.4 are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.
Publish Date: 2019-07-11
URL: CVE-2016-1000234
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/132
Release Date: 2019-07-11
Fix Resolution: 1.3.4