Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23849
Reference (s):
- https://github.com/josdejong/jsoneditor/issues/1029