| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Cross-site scripting |
|
| Description |
| + |
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use a cross-site scripting (XSS) attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags. |
|
| References |
| + |
https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522 |
| + |
https://github.com/dart-lang/sdk/commit/a322d21bd8f620e558d6cfaf1a60fb8c7a0172d1 |
|
| Notes |
|