Zendive

Name of the Vulnerable Software and Affected Versions: jsondiffpatch versions prior to 0.7.2 Description: The package is susceptible to Cross-site Scripting (XSS) via `HtmlFormatter::nodeBegin`. An attacker can inject malicious scripts into HTML payloads, potentially leading to code execution if untrusted payloads are used as a source for the diff and the result is rendered using the built-in html formatter on a private website. Recommendations: Update to version 0.7.2 or later.