Cross-site Scripting

jsondiffpatch is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in HtmlFormatter::nodeBegin, allowing attackers to inject malicious scripts that execute when the HTML formatter renders untrusted diff content...

jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

jsondiffpatch 安全漏洞

jsondiffpatch is a software with the ability to differentiate and patch JavaScript objects from Benjamín Eidelman's personal developer. A security vulnerability exists in versions of jsondiffpatch prior to 0.7.2, which stems from the vulnerability of HtmlFormatter::nodeBegin to a cross-site...

PT-2025-37115

Name of the Vulnerable Software and Affected Versions: jsondiffpatch versions prior to 0.7.2 Description: The package is susceptible to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads, potentially leading to code execution if...

Cross-site Scripting (XSS)

Overview org.webjars.bower:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...

Cross-site Scripting (XSS)

Overview jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code...