Cross-site Scripting

jsondiffpatch is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in HtmlFormatter::nodeBegin, allowing attackers to inject malicious scripts that execute when the HTML formatter renders untrusted diff content...

GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting XSS in the HtmlFormatter HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

CVE-2025-9910

Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...

PT-2025-37115

Name of the Vulnerable Software and Affected Versions: jsondiffpatch versions prior to 0.7.2 Description: The package is susceptible to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads, potentially leading to code execution if...

jsondiffpatch 安全漏洞

jsondiffpatch is a software with the ability to differentiate and patch JavaScript objects from Benjamín Eidelman's personal developer. A security vulnerability exists in versions of jsondiffpatch prior to 0.7.2, which stems from the vulnerability of HtmlFormatter::nodeBegin to a cross-site...

Cross-site Scripting (XSS)

Overview org.webjars.bower:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...

Cross-site Scripting (XSS)

Overview jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code...