โ† Back to Dashboard

CVE-2026-8656

MEDIUM NVD
CVSS Score
6.1
Severity
MEDIUM
Source
NVD
Published
May 16, 2026
Description

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

View Full Details โ† Back