ag-grid@3.3.2 vulnerabilities

Advanced Data Grid / Data Table supporting Javascript / React / AngularJS / Web Components

latest version

18.1.2

latest non vulnerable version

18.1.3-beta.1

first published

9 years ago

latest version published

6 years ago

deprecated

Package is deprecated

licenses detected

MIT
>=0

View ag-grid package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ag-grid package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M HTML Injection `ag-grid` is an advanced Data Grid / Data Table supporting Javascript / React / AngularJS / Web Components. Affected versions of the package are vulnerable to HTML Injection. `ag-grid` used mozilla's `Element.innerHTML`, which is vulnerable to Cross-site Scripting (XSS) attacks when used within a user-inputted value. In this case an attacker could insert a malicious username and initiate a XSS attack, like: `<span onclick="alert('hacked!')">John Smith</span>` How to fix HTML Injection? Upgrade `ag-grid` to version 5.0.0 or higher.	>=3.3.0 <5.0.0-alpha.0

HTML Injection

ag-grid is an advanced Data Grid / Data Table supporting Javascript / React / AngularJS / Web Components.

Affected versions of the package are vulnerable to HTML Injection. ag-grid used mozilla's Element.innerHTML, which is vulnerable to Cross-site Scripting (XSS) attacks when used within a user-inputted value. In this case an attacker could insert a malicious username and initiate a XSS attack, like:

<span onclick="alert('hacked!')">John Smith</span>

How to fix HTML Injection?

Upgrade ag-grid to version 5.0.0 or higher.

>=3.3.0 <5.0.0-alpha.0

Go back to all versions of this package