Cross-Site Scripting (XSS)

Module: pivottable

Published: August 26th, 2016

Reported by: Todd Wolfson

CVE-2016-1000241

Vulnerable: >=1.4.0 <2.0.0
Patched: >=2.0.0

Overview

PivotTable.js is a JavaScript Pivot Table library with drag'n'drop functionality built on top of jQuery/jQueryUI.

Version 1.4.0 changed how JSON elements are rendered, switching from text functions to HTML functions. This change introduced a cross-site scripting (XSS) vulnerability, which remained in place until version 2.0.0.
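
The difference between text-style and HTML-style rendering of JSON values, shown as an added example that is not PivotTable.js code. The function names and sample records are constructed for illustration.

```javascript
// Constructed sample input: the second record carries markup in a JSON value.
const records = [
  { region: "North", product: "Widget", units: 3 },
  { region: "<img src=x onerror=alert(1)>", product: "Gadget", units: 5 },
];

// Encode the characters that let a string leave text or attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// HTML-style rendering (hypothetical helper): the value is concatenated into
// markup unchanged, so a browser would parse any tags it contains.
function renderCellAsHtml(value) {
  return "<td>" + String(value) + "</td>";
}

// Text-style rendering (hypothetical helper): the value is encoded first,
// so it can only be displayed as characters.
function renderCellAsText(value) {
  return "<td>" + escapeHtml(value) + "</td>";
}

// Build one table row per record with the chosen cell renderer.
function renderTable(rows, renderCell) {
  const body = rows
    .map((row) => "<tr>" + Object.values(row).map(renderCell).join("") + "</tr>")
    .join("");
  return "<table>" + body + "</table>";
}

// Defender's check: does the output contain any element other than the
// table scaffolding this renderer itself emits?
function containsInjectedElement(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((tag) => !/^<\/?(table|tr|td)$/i.test(tag));
}

const unsafeHtml = renderTable(records, renderCellAsHtml);
const safeHtml = renderTable(records, renderCellAsText);
console.log("HTML-style output carries a data-supplied element:", containsInjectedElement(unsafeHtml));
console.log("Text-style output carries a data-supplied element:", containsInjectedElement(safeHtml));
```

A check like `containsInjectedElement` works as a regression test on rendered output, alongside the upgrade to a patched version.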

Remediation

Upgrade to version 2.0.0 or later.
