Filtered by vendor I18next
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16008 | 1 I18next | 1 I18next | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2. | |||||
CVE-2017-16010 | 1 I18next | 1 I18next | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later. |