{"url":"http://public2.vulnerablecode.io/api/packages/58102?format=json","purl":"pkg:npm/jquery.terminal@1.21.0","type":"npm","namespace":"","name":"jquery.terminal","version":"1.21.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.31.1","latest_non_vulnerable_version":"2.31.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41938?format=json","vulnerability_id":"VCID-tm3w-gjer-2qbg","summary":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\njQuery Terminal Emulator is a plugin for creating command line interpreters in your applications.As a workaround, the user can use formatting that wrap whole user input and its no op. The code for this workaround is available in the GitHub Security Advisory. The fix will only work when user of the library is not using different formatters (e.g. to highlight code in different way).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43862","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53464","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43862"},{"reference_url":"https://github.com/jcubic/jquery.terminal","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal"},{"reference_url":"https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5"},{"reference_url":"https://github.com/jcubic/jquery.terminal/issues/727","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal/issues/727"},{"reference_url":"https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43862","reference_id":"CVE-2021-43862","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43862"},{"reference_url":"https://github.com/advisories/GHSA-x9r5-jxvq-4387","reference_id":"GHSA-x9r5-jxvq-4387","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x9r5-jxvq-4387"},{"reference_url":"https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387","reference_id":"GHSA-x9r5-jxvq-4387","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59918?format=json","purl":"pkg:npm/jquery.terminal@2.31.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery.terminal@2.31.1"}],"aliases":["CVE-2021-43862","GHSA-x9r5-jxvq-4387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm3w-gjer-2qbg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41011?format=json","vulnerability_id":"VCID-24q8-vfny-2yfh","summary":"Reflected Cross-Site Scripting in jquery.terminal\nVersions of `jquery.terminal` are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options `anyLinks` or `invokeMethods` set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.","references":[{"reference_url":"https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211"},{"reference_url":"https://www.npmjs.com/advisories/769","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/769"},{"reference_url":"https://github.com/advisories/GHSA-2hwp-g4g7-mwwj","reference_id":"GHSA-2hwp-g4g7-mwwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hwp-g4g7-mwwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58102?format=json","purl":"pkg:npm/jquery.terminal@1.21.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tm3w-gjer-2qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery.terminal@1.21.0"}],"aliases":["GHSA-2hwp-g4g7-mwwj","GMS-2019-36"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24q8-vfny-2yfh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/jquery.terminal@1.21.0"}