
CVE-2020-23849
Good to know:


Date: January 11, 2021
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
Language: JS
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79

Top Fix

Upgrade Version
Upgrade to version hillelcoren/invoice-ninja - v3.2.1;hillelcoren/invoice-ninja - v4.5.7;hillelcoren/invoice-ninja - v5.1.73;hillelcoren/invoice-ninja - v2.6.6;hillelcoren/invoice-ninja - v5.3.20;hillelcoren/invoice-ninja - dev-eway;hillelcoren/invoice-ninja - v4.5.45;hillelcoren/invoice-ninja - dev-v5-stable;hillelcoren/invoice-ninja - v5.0.29;hillelcoren/invoice-ninja - v4.4.1;hillelcoren/invoice-ninja - v4.5.32;hillelcoren/invoice-ninja - v3.3.1;hillelcoren/invoice-ninja - v5.0.12;snowsoft/json-editor - v1.0.0;snowsoft/json-editor - no_fix;snowsoft/json-editor - v1.0.9;snowsoft/json-editor - v1.0.7;snowsoft/json-editor - v1.0.2;uskur/configuration-manager - no_fix;uskur/configuration-manager - 1;locomotivemtl/charcoal-admin - dev-feature/delayed-notifications;locomotivemtl/charcoal-admin - 0.24.3;locomotivemtl/charcoal-admin - dev-fix/acl-role-name;locomotivemtl/charcoal-admin - 0.16.3;locomotivemtl/charcoal-admin - 0.17.3.1;locomotivemtl/charcoal-admin - dev-assetic;locomotivemtl/charcoal-admin - dev-master;locomotivemtl/charcoal-admin - dev-feature/advanced-search;locomotivemtl/charcoal-admin - 0.15.10;locomotivemtl/charcoal-admin - 0.17.2.1;locomotivemtl/charcoal-admin - dev-mcaskill-patch-phpunit;locomotivemtl/charcoal-admin - 0.16.1;locomotivemtl/charcoal-admin - dev-joel/fix-asset-builder;locomotivemtl/charcoal-admin - dev-property-condional-logic-parser;locomotivemtl/charcoal-admin - 0.17.0;jxlwqq/json-editor - v1.0.2;jxlwqq/json-editor - no_fix;myzero1/yii2-restbyconf - no_fix;myzero1/yii2-restbyconf - 1.0.0;myzero1/yii2-restbyconf - 2.0.8;ak73gucas/json-editor - no_fix;aloudnoise/aloud-core - no_fix;phuongnamsoft/admin - no_fix;charcoal/admin - dev-joel/property-condional-logic-parser;charcoal/admin - dev-xav/quick-form-lang-tab;charcoal/admin - dev-cdn-cache-purge;charcoal/admin - 0.24.3;asvae-d/laravel-api-tester - 2.0.0-alpha;Ladder - 3.1.0;JSONEditor - no_fix;soda-framework/cms - 0.1.1;soda-framework/cms - 0.0.1;soda-framework/cms - 
0.3.1;soda-framework/cms - 0.4.1;soda-framework/cms - 0.5.1;caffeina/aeria - dev-master;caffeina/aeria - dev-feature/group;caffeina/aeria - 1.0.1;caffeina/aeria - dev-dependabot/add-v2-config-file;caffeina/aeria - 1.8.72-pre;sodacms/sodacms - 0.0.1;sodacms/sodacms - 0.1.1;sodacms/sodacms - 0.5.1;sodacms/sodacms - 0.3.1;sodacms/sodacms - 0.4.1;macdabby/jsoneditor - no_fix;ecomteck/module-order-custom-attributes - no_fix;ddpro/admin - no_fix;cmskit/jsoneditor - no_fix;jsoneditor - 9.0.2;asvae/laravel-api-tester - 1.0.4;asvae/laravel-api-tester - 2.0.0-alpha;delatbabel/admin - no_fix;myzero1/yii2-apibyconf - no_fix;arx/arxmin - 5.2.0;pmurkin/bootstrapi - no_fix;craftisan/laravel-api-tester - 2.0.0-alpha;lightningsdk/core - no_fix;aheinze/cockpit - 0.9.1;aheinze/cockpit - 0.7.3;xdd/x-template - no_fix;lukaschel/pimcore-bundle-configuration - no_fix;org.webjars.npm:jsoneditor:9.5.3;org.webjars.npm:github-com-josdejong-jsoneditor:9.1.1;org.webjars.bowergithub.josdejong:jsoneditor:5.28.2;org.webjars.bower:jsoneditor:5.9.6
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |