Cross-Site Scripting (XSS)

Module: pivottable

Published: August 26th, 2016

Reported by: Todd Wolfson


Vulnerable: >=1.4.0 <2.0.0
Patched: >=2.0.0


PivotTable.js is a Javascript Pivot Table library with drag'n'drop functionality built on top of jQuery/jQueryUI.

Due to a change from text to html functions in how JSON elements are rendered, a cross site scripting (XSS) vulnerability was introduced in version 1.4.0. This vulnerability remained in place until version 2.0.0.


Upgrade to version 2.0.0 or later.


Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo