glossarizer

NPM

www.npmjs.com

github.com

Releases2

Frequency3 hours

Last Release almost 9 years ago

A small jquery plugin that automatically marks up glossary terms on a page. The glossary terms can be read from an external json file. When users hover over the link (dashed line), they get to see the glossary definition as a tooltip.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-42515 ↗	Oct 31, 2024Thursday, 31 October 2024, 19:15	9.9 CRITICAL	—
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.