| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| jplayer | npm | < 2.3.0 | 2.3.0 |
The commit diff shows that 'alert' was added to the 'illegals' blacklist in the illegalChar function of Jplayer.as. This function validates input parameters; before the patch, 'alert' was absent from the blacklist, which made XSS exploitation possible via user-controlled parameters. The direct correlation between the vulnerability description (alert-based XSS) and this blacklist modification confirms this function's role.