Unrated severity · NVD Advisory · Published Mar 26, 2020 · Updated Aug 4, 2024
XSS in Dart
CVE-2020-8923
Description
Improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0 allows an attacker leveraging DOM clobbering techniques to bypass the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, or to 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, paying special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.
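A version check built from the boundaries in the description above, for auditing build hosts or CI images. This is an added example, not code from the advisory or the Dart project. It assumes every dev build below 2.8.0-dev.17.0 is affected, the function names are hypothetical, and the sample strings are constructed.

```python
import re

# Fixed releases named in the advisory: 2.7.2 (stable) and 2.8.0-dev.17.0 (dev).
FIXED_STABLE = (2, 7, 2)
FIXED_DEV = ((2, 8, 0), (17, 0))

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")
_DEV_SUFFIX = re.compile(r"-dev\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (core, dev) for the first x.y.z[-dev.a.b] found in text."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    core = tuple(int(p) for p in m.group(1, 2, 3))
    suffix = m.group(4)
    if suffix is None:
        return core, None
    d = _DEV_SUFFIX.fullmatch(suffix)
    if not d:
        # Unknown pre-release tag: refuse to guess so it gets checked by hand.
        raise ValueError(f"unrecognised pre-release suffix {suffix!r}")
    return core, (int(d.group(1)), int(d.group(2)))


def is_affected(text):
    """True if the SDK version in text predates the fixed releases."""
    core, dev = parse_version(text)
    if dev is None:
        return core < FIXED_STABLE
    # Assumption: a dev build is affected if it sorts below 2.8.0-dev.17.0.
    return (core, dev) < FIXED_DEV


if __name__ == "__main__":
    # Constructed sample inputs, including a line shaped like `dart --version` output.
    for sample in (
        'Dart VM version: 2.7.1 (Thu Jan 23 13:02:26 2020 +0100) on "linux_x64"',
        "2.7.2",
        "2.8.0-dev.16.0",
        "2.8.0-dev.17.0",
    ):
        print(sample, "->", "AFFECTED" if is_affected(sample) else "fixed")
```

A version string with a pre-release tag other than -dev.a.b raises ValueError instead of being classified.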
Affected products
- Google/Dart SDK · v5 · Range: stable
References
- github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627 · mitre · x_refsource_CONFIRM