CVE-2016-1000241 — Cross-Site Scripting (XSS) in pivottable

Description

Affected versions of `pivottable` are vulnerable to cross-site scripting, due to a new mechanism used to render JSON elements. ## Recommendation Update to version 2.0.0 or later.

How to fix CVE-2016-1000241

To remediate CVE-2016-1000241, upgrade the affected package to a fixed version below.

npm/pivottable—upgrade to 2.0.0 or later

Is CVE-2016-1000241 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000241.

Affected packages (1)

>= 1.4.0, < 2.0.0

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000241
PATCHgithub.com/nicolaskruchten/pivottable
WEBgithub.com/nicolaskruchten/pivottable/pull/401
WEBwww.npmjs.com/advisories/139