Cross-Site Scripting in jqtree

2020-09-01T15:35:22
ID GHSA-GJHX-GXWX-JX9J
Type github
Reporter GitHub Advisory Database
Modified 2020-09-01T15:35:22

Description

Affected versions of jqtree are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data.

When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed.

Recommendation

Update to 1.3.4 or later.