{"id":"CVE-2020-23849","details":"Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.","aliases":["GHSA-q854-j362-cfq9"],"modified":"2026-03-14T10:21:05.387451Z","published":"2021-01-11T14:15:13Z","references":[{"type":"EVIDENCE","url":"https://github.com/josdejong/jsoneditor/issues/1029"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/josdejong/jsoneditor","events":[{"introduced":"990f481f5fe188d517f659217bcd5380fb4c6908"},{"fixed":"fb994728fd285a4bd1a199a25a2f600510c4a70f"}],"database_specific":{"versions":[{"introduced":"8.6.6"},{"fixed":"9.0.2"}]}}],"versions":["v8.6.6","v8.6.7","v8.6.8","v9.0.0","v9.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23849.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}