Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to demo/en/asyncData/getNodesForBigData.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ztree_project | ztree | * |