jQuery-MultiSelect

XSS vulnerability in _addOption

Open lawrencetacilo opened this issue 3 years ago • 0 comments

There's an XSS vulnerability when options data has executable JS content.

Under the _addOption function (line 874), the initialization of the thisOption var is using .html, which allows executable JS content to run.

Changing the .html to .text will fix the issue.

lawrencetacilo, Sep 22 '22 06:09
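
The difference between `.html` and `.text` that the issue describes, as an added example that is not part of the original issue or the plugin's own code. It is a DOM-free model so it runs under Node; the `<label>` wrapper, the function names and the sample option data are assumptions constructed for illustration.

```javascript
// DOM-free model of how an option name ends up in the page.
// All names here are hypothetical, not jQuery-MultiSelect identifiers.

// jQuery's .text(value) stores the value as a text node, which
// serializes with &, < and > escaped.
function escapeText(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Model of .html(name): the option name is parsed as markup.
function renderLabelHtml(name) {
  return '<label>' + name + '</label>';
}

// Model of .text(name): the option name stays inert text.
function renderLabelText(name) {
  return '<label>' + escapeText(name) + '</label>';
}

// List element names that appear inside the label besides the label itself.
function injectedElements(markup) {
  const inner = markup.replace(/^<label>/, '').replace(/<\/label>$/, '');
  const tags = [];
  const re = /<([a-zA-Z][a-zA-Z0-9-]*)\b[^>]*>/g;
  let m;
  while ((m = re.exec(inner)) !== null) tags.push(m[1].toLowerCase());
  return tags;
}

// Regression check: which option values create elements under a renderer?
function auditOptions(options, render) {
  return options
    .filter((o) => injectedElements(render(o.name)).length > 0)
    .map((o) => o.value);
}

// Constructed sample option data (assumption: options carry name/value).
const sampleOptions = [
  { name: 'Plain option', value: 'a' },
  { name: 'Tom & Jerry <3', value: 'b' },
  { name: '<img src=x onerror=alert(1)>', value: 'c' },
];

console.log(auditOptions(sampleOptions, renderLabelHtml));
console.log(auditOptions(sampleOptions, renderLabelText));
```

A check like `auditOptions` can serve as a regression test once the `.html` call is replaced, since any option name that still produces an element in the rendered label indicates the data is being parsed as markup.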