CVE-2015-7348

Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ztree_project:ztree:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-12-07 20:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-7348

Mitre link : CVE-2015-7348

CVE.ORG link : CVE-2015-7348


JSON object : View

Products Affected

ztree_project

  • ztree
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')