Cross-Site Scripting (XSS)

Module: pivottable

Published: August 26th, 2016

Reported by: Todd Wolfson

CVE-2016-1000241

Vulnerable: >=1.4.0 <2.0.0

Patched: >=2.0.0

CVSS7.2High

Overview

PivotTable.js is a Javascript Pivot Table library with drag'n'drop functionality built on top of jQuery/jQueryUI.

Due to a change from text to html functions in how JSON elements are rendered, a cross site scripting (XSS) vulnerability was introduced in version 1.4.0. This vulnerability remained in place until version 2.0.0.

Remediation

Upgrade to version 2.0.0 or later.

References

https://github.com/nicolaskruchten/pivottable/pull/401

Node Security Platform

Cross-Site Scripting (XSS)

Overview

Remediation

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo

Cross-Site Scripting (XSS)

Overview

Remediation

References

Sign up FREE for nsp Continuous Security

Free for open source and the first private repo, then just $1/mo per private repo

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo