Back to search
CVE-2017-16008
Published: Jun 4, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.
| Vendor | Product | Versions |
|---|---|---|
HackerOne | i18next node module | affected <=1.10.2 |
Weaknesses (CWE)
References
https://nodesecurity.io/advisories/325
x_refsource_MISC
https://github.com/i18next/i18next/pull/443
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now