GHSA-7p6w-x2gr-rrf8

Suggest an improvement
Source
https://github.com/advisories/GHSA-7p6w-x2gr-rrf8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-7p6w-x2gr-rrf8/GHSA-7p6w-x2gr-rrf8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7p6w-x2gr-rrf8
Published
2020-09-02T21:28:05Z
Modified
2025-07-10T16:49:40Z
Summary
ag-grid Cross-Site Scripting vulnerability
Details

Versions of ag-grid prior to 14.0.0 are vulnerable to Cross-Site Scripting (XSS). Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid.

Recommendation

Upgrade to version 14.0.0 or later.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed_at": "2020-08-31T18:39:39Z",
    "nvd_published_at": null
}
References

Affected packages

npm / ag-grid

Package

Name
ag-grid
View open source insights on deps.dev
Purl
pkg:npm/ag-grid

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.0.0