{ "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2021-22540", "STATE": "PUBLIC", "TITLE": "XSS in Dart SDK" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dart SDK", "version": { "version_data": [ { "version_affected": "<", "version_name": "stable", "version_value": "2.12.3" } ] } } ] }, "vendor_name": "Google LLC" } ] } }, "credit": [ { "lang": "eng", "value": "Vincenzo di Cicco" } ], "description": { "description_data": [ { "lang": "eng", "value": "Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522", "refsource": "CONFIRM", "url": "https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522" }, { "name": "https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588", "refsource": "CONFIRM", "url": "https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588" } ] }, "source": { "discovery": "EXTERNAL" } }