RSS   Podatności dla 'I18next'   RSS

2018-06-04
 
CVE-2017-16008

CWE-79
 

 
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.

 
2018-05-29
 
CVE-2017-16010

CWE-79
 

 
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.

 


Copyright 2024, cxsecurity.com

 

Back to Top