chosen-js@1.8.0 vulnerabilities

Chosen is a JavaScript plugin that makes select boxes user-friendly. It is currently available in both jQuery and Prototype flavors.

Direct Vulnerabilities

Known vulnerabilities in the chosen-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Cross-site Scripting (XSS)

chosen-js is a library for making long, unwieldy select boxes more user friendly.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the AbstractChosen function in coffee/lib/abstract-chosen.coffee, via the group_label argument.

How to fix Cross-site Scripting (XSS)?

Upgrade chosen-js to version 1.8.7 or higher.

<1.8.7