CVE-2026-8656

by Fred · 16/05/2026

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

More information : https://gist.github.com/yuki-matsuhashi/72ed072d919f3c52adba298faa6a7da5

CVE-2026-8656

Similar

Recent Posts

Categories

CVE-2026-8656

Share this:

Similar

Recent Posts

Categories

Tags