First published: Mon Jan 11 2021
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jsoneditoronline Jsoneditor | >=8.6.6 <9.0.2 | |
CVE-2020-23849 is a vulnerability that allows for stored cross-site scripting (XSS) attacks in the tree mode of jsoneditor before version 9.0.2.
CVE-2020-23849 is exploited by injecting JavaScript code that is then executed in the tree mode of jsoneditor.
The severity of CVE-2020-23849 is medium, with a CVSS score of 6.1.
jsoneditor versions from 8.6.6 up to, but not including, 9.0.2 are affected by CVE-2020-23849.
The fix for CVE-2020-23849 is to update jsoneditor to version 9.0.2 or later.