GMS-2019-36: Reflected Cross-Site Scripting in jquery.terminal

May 29, 2019 (updated August 4, 2021)

Versions of jquery.terminal are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.

References

github.com/advisories/GHSA-2hwp-g4g7-mwwj
github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211
www.npmjs.com/advisories/769

Code Behaviors & Features

Detect and mitigate GMS-2019-36 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →