CVE-2016-1000234 — Cross-Site Scripting in jqtree

Description

Affected versions of `jqtree` are vulnerable to cross-site scripting in the drag and drop functionality for modifying tree data. When a user attempts to drag a node to a different position in the hierarchy, script content existing within the node will be executed. ## Recommendation Update to 1.3.4 or later.

How to fix CVE-2016-1000234

To remediate CVE-2016-1000234, upgrade the affected package to a fixed version below.

npm/jqtree—upgrade to 1.3.4 or later

Is CVE-2016-1000234 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000234.

Affected packages (1)

from 0, < 1.3.4

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000234
PATCHgithub.com/mbraak/jqTree
WEBgithub.com/mbraak/jqTree/issues/437
WEBwww.npmjs.com/advisories/132