216.73.217.64

CVE-2026-8656

· Published 16/05/2026 06:16 · Modified 16/05/2026 06:16

Labels: CVE-2026-8656 2026-05-16CVE-2026-8656CWE-79[email protected]

Essential information

Published
16/05/2026 06:16
Modified
16/05/2026 06:16
Author
Creator
CVSS
2.0 LOW (v3) 2.0 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
jsondiffpatch / jsondiffpatch cpe:2.3:a:jsondiffpatch:jsondiffpatch:<0.7.6:*:*:*:*:*:*:*

References