CVE-2017-16008 - AskarLabs CVE Database

CVE-2017-16008

Vendor Hackerone

Product i18next node module

Weakness CWE-79 · XSS

Published June 4, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.

Key dates

02Disclosure timeline

June 4, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16008 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters CVE-2024-56235 WordPress Coupon plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-27930 Stored XSS CVE-2025-8429 A user with elevated privileges can inject XSS in the ACL Action access configuration page CVE-2023-32119 WordPress WPO365 | Mail Integration for Office 365 / Outlook Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)