CVE-2021-22540

CVE-2021-22540: XSS in Dart SDK

Vendor Google Llc
Product Dart SDK
Weakness CWE-79 · XSS
Published April 22, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

Key dates

02Disclosure timeline

April 22, 2021 CVE published
August 3, 2024 Record updated