20 matches found
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
EUVD-2021-2246
Malware in sbrugna...
EUVD-2021-2072
Malware in sbrugna...
CVE-2021-3822
jsoneditor is vulnerable to Inefficient Regular Expression Complexity...
GHSA-Q854-J362-CFQ9 Cross-site Scripting in jsoneditor
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
Cross-site Scripting in jsoneditor
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
Regular Expression Denial Of Service (ReDoS)
jsoneditor is vulnerable to regular expression denial of service. The use of an inefficient regex pattern for trimmedValue in the getInnerText function of util.js allows a malicious user to crash the application by providing a malicious input...
CVE-2021-3822
jsoneditor is vulnerable to Inefficient Regular Expression Complexity...
Design/Logic Flaw
jsoneditor is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3822 Inefficient Regular Expression Complexity in josdejong/jsoneditor
jsoneditor is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3822
The CVE-2021-3822 entry concerns jsoneditor (josdejong/jsoneditor), where the getInnerText function uses an inefficient regex for trimmedValue, creating potential Regular Expression Denial of Service (ReDoS). Multiple connected sources corroborate a ReDoS risk affecting jsoneditor, with reference...
Josdejong Jsoneditor Resource Management Error Vulnerability
Josdejong Jsoneditor is a web page based software for viewing, editing, and validating JSON data by the individual developer Josdejong. A resource management error vulnerability exists in Jsoneditor that stems from an error in a regular expression in the product. An attacker could use this...
Inefficient Regular Expression Complexity in josdejong/jsoneditor
Description: The jsoneditor package is vulnerable to regular expression denial of service (ReDoS). An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
Cross site scripting
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
CVE-2020-23849
CVE-2020-23849 refers to a Stored XSS in the jsoneditor component (tree mode) present before version 9.0.2. The underlying issue is injecting and executing JavaScript within the affected editor, enabling script execution that can compromise the user session or page state. Public references descri...
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript...
jsoneditor Cross-site Scripting Vulnerability
Josdejong Jsoneditor is a web page based software for viewing, editing, and verifying JSON data by the individual developer Josdejong. A cross-site scripting vulnerability exists in jsoneditor before 9.0.2, which allows the vulnerability to be triggered by injecting and executing JavaScript...
Cross-Site Scripting (XSS)
jsoneditor is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in tree mode...