GHSA-mpjf-8cmf-p789

Source

https://github.com/advisories/GHSA-mpjf-8cmf-p789

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-mpjf-8cmf-p789/GHSA-mpjf-8cmf-p789.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mpjf-8cmf-p789

Published

2020-09-01T21:25:46Z

Modified

2020-08-31T18:34:28Z

Summary

Cross-Site Scripting in jingo

Details

Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting (XSS). If malicious input such as <script>alert(1)</script> is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text.

Recommendation

Upgrade to version 1.9.2

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:34:28Z",
    "nvd_published_at": null,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

https://www.npmjs.com/advisories/750

Affected packages

npm / jingo

Package

Name: jingo; View open source insights on deps.dev
Purl: pkg:npm/jingo

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-mpjf-8cmf-p789/GHSA-mpjf-8cmf-p789.json"