Vulnerabilities (CVE)

Filtered by vendor I18next Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-16008 1 I18next 1 I18next 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.
CVE-2017-16010 1 I18next 1 I18next 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.