Cross-Site Scripting (XSS)

Module: pivottable

Published: August 26th, 2016

Reported by: Todd Wolfson

CVE-2016-1000241

CWE-725

Vulnerable: >=1.4.0 <2.0.0
Patched: >=2.0.0
CVSS7.2High

Overview

Affected versions of pivottable are vulnerable to cross-site scripting, due to a new mechanism used to render JSON elements.

Remediation

Update to version 2.0.0 or later.

References

PR #401