GHSA-X9R5-JXVQ-4387 jquery.terminal self XSS on user input

Impact This is low impact and limited XSS, because code for XSS payload is always visible, but attacker can use other techniques to hide the code the victim sees. Also if the application use execHash option and execute code from URL the attacker can use this URL to execute his code. The scope is...

Cross-site Scripting (XSS)

jquery.terminal is vulnerable to cross-site scripting. The use of execHash option code from URL allows an attacker to execute malicious code via URL. Note: Javascript attribute used is added to span tag , therefore allowing no automatic execution like with onerror...

GHSA-2HWP-G4G7-MWWJ Reflected Cross-Site Scripting in jquery.terminal

Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization...

Reflected Cross-Site Scripting in jquery.terminal

Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization...